On May 13, 6:51 am, Sebastian Kaliszewski
<s.usun...@[EMAIL PROTECTED]
> wrote:
> Robert Myers wrote:
> >> Who cares what some clueless newsgroup poster thinks.
>
> > In my years on this planet, and, more recently in dealing with usenet
> > hotheads, I've learned not to rely on my own knowledge and experience
> > when I don't have to.
>
> > Even so:
>
> > 1. I am not clueless.
>
> You're probably not clueless about theory. You're apparently (as you
> demonstrated many times here) clueless about real life practice. In
theory
> there is no difference between theory and practice, but in practice
there
> is :)
>
> > 2. The people I talk to are even less clueless than I am.
>
> No one here knows who you talk to. You only talked about Edsger
Dijkstra,
> who Requeiscat in Pace for about 6 years. I presume you don't talk to
dead
> people, otherwise we should move to another newsgroup
(sci.parapsychology
> or something)
>
If you're interested in computational theory, you find others who are
likewise interested. The list of names is rather short, so the same
names keep coming up over and over again. Software security and
reliability is a *big* concern right now. I'll just leave it at that.
> >> 1. very expensive
> >> 2. does not guarantee total correctenss -- it only reduces chances of
> >> error
>
> > Given the choice between something with solid mathematical foundations
> > and something that relies exclusively on someone like you, I'd choose
> > the former every single time.
>
> Now put price tags to that choices. For example $100000 vs $1000. Then
the
> choice is to have anything or have nothing.
>
> > As to the cost, when I said we'd be
> > better off with less software, I meant it, and I still mean it.
>
> Yeah and there is no market for more than three computers.
>
This business has a long history of preposterous *****sments by those
in the business, and you just made another. The Internet almost
certainly would not be what it has become.
> If you're better off with that the throw your computer out. As there
would
> be no software to run in.
>
There'd be a lot *less* software, but there wouldn't be no software.
> To have formal verification possible one has to have formal
specification to
> begin with. And that formal specification must be right and error free
> itself. Unfortunatly for you and others like you, for majority of stuff
out
> there there is no formal specification and even worse there are no known
> means to phrase it. The possibility to get something like more-or-less
> formal specification is in aerospace industry and other guys dealing
with
> big dangerous stuff. And that specification is possible only for the
core
> process, not interface. Bad human interface has already cost hundreds or
> even thousands of lives yet nobody knows how to define that.
>
That's the way the industry has developed. It is not inevitable.
> > You don't have to rely on my "clueless" opinion. I've posted on the
> > subject of the costs of our current setup, with citations. I've had
> > public discussions with software development managers in critical
> > applications who lamented exactly as I did.
>
> Critical how? Life? Business? Mission? There is no just critical, one
must
> first quantize it.
>
It would be silly of me to try to invent disaster scenarios on Usenet
since there are already people burning big taxpayer bucks spinning
more elaborate yarns than I ever could.
> > Well he should have, a
> > software boner had just cost his high-profile publicly-traded company
> > big bucks.
>
> Oh, terrible. Maybe even better is to create software police and shoot
all
> of them off. Hey, it's capitalism out there. If those boners make big
money
> with crap product go and make yours.
Those are clearly your values.
> Its going to be real good stuff not
> crap, so it should sell and get all those idiots out of the market,
right?
>
The companies I admire the most make "really good crap." They're not
bad people, and I can only envy their competence. I just don't
approve of the risks being built into the enterprise, whether it's to
financial markets, individuals on the Internet, the military, or any
other place where the person to pay the price isn't the person who
"estimated" the risk.
> > As it is, with an internet, *everything* is a critical
> > application.
>
> Absolute nonsense.
>
I've already explained this.
http://www.packetstormsecurity.net/
> > Know Edsger Dikstra? Want to call him an idiot, too? Just to be
> > sure, I googled on your name to see if you, too, had won a Turing
> > Award. If so, google missed it.
>
> Neither I have Nobel prize nor Fields medal. But what is has to do the
theme
> at hand? The practical reality?
> Prof Dijkstra quickly escaped from his brief industry adventure back to
> academia right in 60ties. Later on he even didn't use computers for long
> time *he finally used mac just for web and email). He is perfect example
of
> great theoretician, like Enstein, Gauss and others. He is one of those
> greats who create theoretical foundations but leave the practical stuff
to
> others.
>
Dijkstra, as you may know, was a big advocate of formal verification.
Know one knows what the world of software development would be like if
the world had followed his advice. Your estimates of costs are just
numbers pulled out of the air, because no one knows what the costs
would look like if the methodologies were widely used.
>
>
>
> Nope. It so happens I develop software for those who certainly can
count,
> estimate risk, etc. (i.e. financial institutions).
hahahahahahahahaahahaha.
hahahahaahahahahahahaha.
hahahahahahaahahahahaha.
Long Term Capital Management.
Practically every player in financial markets today.
It's questionable, highly questionable, if they know even how to
estimate risk in a way that prevents catastrophic events or even
limits catastrophic events to what is theoretically possible.
It's true. We'll never know what role, if any, software glitches play
in creating chaos, because there are even bigger problems.
The mafia doesn't care about software quality, either, I'm sure.
You're in the right business, that's for sure.
>They do accept the risk
> and are perfectly aware of that.
No they don't. The taxpayers accept the risk. If you have a
bottomless backup for your Ponzi scheme, risk is only a matter of
appearances. What you really mean to say is that financial markets
know how to keep up appearances so that it will seem, when their
mistakes become obvious, that it isn't really their fault. Too bad
the rest of us can't live that way.
> And they certainly do not want formal
> verification for vast majority of stuff. They don't want that for very
> simple reason -- money, as they don't want to waste it.
Time.
>
> > As it is, you can afford to let it slide, because the risk-taker is
> > always the end user.
>
> Nope. It's now clear that you have no clue about reality and only spread
> urban legend type misconceptions.
>
That's so funny. IBM (International _Business_ Machines) invented the
whole idea. How could they get away with it?
They had something that others wanted so badly that others had to
accept it on the terms they offered, no matter that no other product
in the world has ever been sold that way. Microsoft picked up,
tightened up, and expanded the idea to ridiculous extremes. Now, if
your Real Player becomes a gateway for criminal activity, it's your
problem, not theirs. And that, sir, is the sense in which all
applications are critical applications.
It might be interesting to examine how this transfer of risk took
place. Doctors stumble under the cost of malpractice insurance.
Lawyers get sued by disgruntled clients. Manufacturers of real goods
get sued from here to kingdom come based sometimes on the most
preposterous theories.
Software developers? Here it is, buddy. Take it or leave it.
Robert.
Robert.
|
