Robert Myers wrote:
>> Robert Myers wrote:
>> >> Who cares what some clueless newsgroup poster thinks.
>>
>> > In my years on this planet, and, more recently in dealing with usenet
>> > hotheads, I've learned not to rely on my own knowledge and experience
>> > when I don't have to.
>>
>> > Even so:
>>
>> > 1. I am not clueless.
>>
>> You're probably not clueless about theory. You're apparently (as you
>> demonstrated many times here) clueless about real life practice. In
>> theory there is no difference between theory and practice, but in
>> practice there is :)
>>
>> > 2. The people I talk to are even less clueless than I am.
>>
>> No one here knows who you talk to. You only talked about Edsger Dijkstra,
>> who Requiescat in Pace for about 6 years. I presume you don't talk to
>> dead people, otherwise we should move to another newsgroup
>> (sci.parapsychology or something)
>>
> If you're interested in computational theory, you find others who are
> likewise interested. The list of names is rather short, so the same
> names keep coming up over and over again. Software security and
> reliability is a *big* concern right now. I'll just leave it at that.
But theoretical solutions work in theory. Practical ones, while based on
theory, implement that theory in reality. And the problem here is that
theory is severely lacking in this field.
>> >> 1. very expensive
>> >> 2. does not guarantee total correctness -- it only reduces chances of
>> >> error
>>
>> > Given the choice between something with solid mathematical foundations
>> > and something that relies exclusively on someone like you, I'd choose
>> > the former every single time.
>>
>> Now put price tags to those choices. For example $100000 vs $1000. Then
>> the choice is to have anything or have nothing.
>>
>> > As to the cost, when I said we'd be
>> > better off with less software, I meant it, and I still mean it.
>>
>> Yeah and there is no market for more than three computers.
>>
> This business has a long history of preposterous assessments by those
> in the business, and you just made another.
ROTFL! You didn't even get the joke... That statement is not mine, it's 60
years old...
> The Internet almost
> certainly would not be what it has become.
That's for sure. It would look like it looked back in the eighties at best.
There would be few universities and military institutions connected.
But funnily enough, there would be relatively few security concerns, as
there were 20 years ago.
>
>> If you're better off with that then throw your computer out. As there
>> would be no software to run in.
>>
> There'd be a lot *less* software, but there wouldn't be no software.
There would be *no* software for personal computers. Period.
As there would be no operating system usable by the average non-specialist.
>> To have formal verification possible one has to have formal specification
>> to begin with. And that formal specification must be right and error free
>> itself. Unfortunately for you and others like you, for majority of stuff
>> out there there is no formal specification and even worse there are no
>> known means to phrase it. The possibility to get something like
>> more-or-less formal specification is in aerospace industry and other guys
>> dealing with big dangerous stuff. And that specification is possible only
>> for the core process, not interface. Bad human interface has already cost
>> hundreds or even thousands of lives yet nobody knows how to define that.
>>
> That's the way the industry has developed. It is not inevitable.
It *is* inevitable. For example we don't have such basic stuff like
mathematical tools to describe important aspects of systems like
human-machine interaction.
Show me mathematical formula describing good user interface.
>> > You don't have to rely on my "clueless" opinion. I've posted on the
>> > subject of the costs of our current setup, with citations. I've had
>> > public discussions with software development managers in critical
>> > applications who lamented exactly as I did.
>>
>> Critical how? Life? Business? Mission? There is no just critical, one
>> must first quantize it.
>>
> It would be silly of me to try to invent disaster scenarios on Usenet
> since there are already people burning big taxpayer bucks spinning
> more elaborate yarns than I ever could.
IOW you don't know what you're talking about.
>> > Well he should have, a
>> > software boner had just cost his high-profile publicly-traded company
>> > big bucks.
>>
>> Oh, terrible. Maybe even better is to create software police and shoot
>> all of them off. Hey, it's capitalism out there. If those boners make big
>> money with crap product go and make yours.
>
> Those are clearly your values.
I lived in socialism long enough to say f..k off to every idiot proposing
it. Or I'd rather send them for 1-2 years to live as normal citizen (not
honourable guest but plain normal citizen) in some socialistic country. It
straightens the view on many things very well.
>> It's going to be real good stuff not
>> crap, so it should sell and get all those idiots out of the market,
>> right?
>>
> The companies I admire the most make "really good crap." They're not
> bad people, and I can only envy their competence. I just don't
> approve of the risks being built into the enterprise, whether it's to
> financial markets, individuals on the Internet, the military, or any
> other place where the person to pay the price isn't the person who
> "estimated" the risk.
Reality bites. It's simply, plain impossible to make only risk estimators
take the risk, and no one else. Or everyone would be just risk estimation
specialist, and there would be no one to make actual product to begin with :)
It's an illogical utopia.
>
>> > As it is, with an internet, *everything* is a critical
>> > application.
>>
>> Absolute nonsense.
>>
> I've already explained this.
>
> http://www.packetstormsecurity.net/
So what?
Funnily you show that link. It so happened that the first security advisory
there says: "Luciano Bello discovered that the random number generator in
Debian's openssl package is predictable."
That fits nicely here. You want to specify good random number generator and
implement that according to the specification. So show how to describe one
formally, as neither "good" nor "predictable" is useable.
Well, if you can there is 1 million $ lying out there :) As it so happens
that mere proof of existence of such good pseudorandom number generator
means nonuniform-P is a proper subclass (i.e. is different) of NP, and it's
a simple fact that P is a subclass (no one knows if it's proper or not, but
it does not matter here) of nonuniform-P which would mean that P <> NP and
there is nice round $1 million waiting for one who proves (or disproves)
that :)
So far with formal verification of security :)
It's all based on beliefs of nonexistence of shortcuts, quality of PRNGs,
and such stuff. Those beliefs are supported by testing, but are not
formally proven.
>> > Know Edsger Dijkstra? Want to call him an idiot, too? Just to be
>> > sure, I googled on your name to see if you, too, had won a Turing
>> > Award. If so, google missed it.
>>
>> I have neither a Nobel prize nor a Fields medal. But what has it to do with
>> the theme at hand? The practical reality?
>> Prof Dijkstra quickly escaped from his brief industry adventure back to
>> academia right in 60ties. Later on he even didn't use computers for long
>> time (he finally used mac just for web and email). He is perfect example
>> of great theoretician, like Einstein, Gauss and others. He is one of those
>> greats who create theoretical foundations but leave the practical stuff
>> to others.
>>
> Dijkstra, as you may know, was a big advocate of formal verification.
But he didn't suggest to stop making other software. He wanted to improve
methods as theory better covering things was developed.
> No one knows what the world of software development would be like if
> the world had followed his advice.
World has no tools to follow his advice. His advice can be followed in
relatively simple, closed systems like mechanical device, or some process
control logic.
> Your estimates of costs are just
> numbers pulled out of the air, because no one knows what the costs
> would look like if the methodologies were widely used.
Nope. The difference would be small constant factor. The tools like SPARK
are out there, and while specialists who mastered them are rare and thus
their work must be well paid, this is just a small constant difference
(small means around 3).
It is only useable in systems where level of trust must be so high that
testing would be too costly. And it so happens that those systems are
possible to be specified well, as they are relatively simple and closed.
>> Nope. It so happens I develop software for those who certainly can count,
>> estimate risk, etc. (i.e. financial institutions).
>
> hahahahahahahahaahahaha.
>
> hahahahaahahahahahahaha.
>
> hahahahahahaahahahahaha.
>
> Long Term Capital Management.
>
> Practically every player in financial markets today.
You only show your lack of grip on reality.
> It's questionable, highly questionable, if they know even how to
> estimate risk in a way that prevents catastrophic events or even
> limits catastrophic events to what is theoretically possible.
You compare stuff which is by the very nature unpredictable (if someone
would predict it the one would influence it in unpredictable way) with
stable (unchanging) stuff with measurable properties.
>
> It's true.
It's nonsense. A nonsense which could be produced by someone who does not
understand the things one is talking about.
> We'll never know what role, if any, software glitches play
> in creating chaos, because there are even bigger problems.
>
> The mafia doesn't care about software quality, either, I'm sure.
>
> You're in the right business, that's for sure.
You're talking about things you're completely clueless about, that's for
sure.
>> They do accept the risk
>> and are perfectly aware of that.
>
> No they don't. The taxpayers accept the risk.
Nonsense.
[rest of clueless babbling snipped]
>> And they certainly do not want formal
>> verification for vast majority of stuff. They don't want that for very
>> simple reason -- money, as they don't want to waste it.
>
> Time.
Time is a resource like others. All resources cost money.
>> > As it is, you can afford to let it slide, because the risk-taker is
>> > always the end user.
>>
>> Nope. It's now clear that you have no clue about reality and only spread
>> urban legend type misconceptions.
>>
> That's so funny. IBM (International _Business_ Machines) invented the
> whole idea. How could they get away with it?
> They had something that others wanted so badly that others had to
> accept it on the terms they offered, no matter that no other product
> in the world has ever been sold that way. Microsoft picked up,
> tightened up, and expanded the idea to ridiculous extremes. Now, if
> your Real Player
ROTFL! If only Real Player was a MS product...
> becomes a gateway for criminal activity, it's your
> problem, not theirs. And that, sir, is the sense in which all
> applications are critical applications.
ROTFLMAO!
You don't know squat what is a critical application!
Or maybe hammer I can buy at any farmers shop is a critical device, as it
could be used for criminal activity.
> It might be interesting to examine how this transfer of risk took
> place. Doctors stumble under the cost of malpractice insurance.
Don't extrapolate your local problems to the rest of the world.
That's the main reason you have to pay 6 times more per stupid dentist visit
than I do. And it's not drugs and tools cost at all, as those are more
expensive here. But in our hospitals you won't find entire floor filled by
lawyers.
> Lawyers get sued by disgruntled clients. Manufacturers of real goods
> get sued from here to kingdom come based sometimes on the most
> preposterous theories.
And who pays for all that? That's you and all other customers.
> Software developers? Here it is, buddy. Take it or leave it.
Exactly. Take it or leave it. I prefer that for other things as well.
Sebastian Kaliszewski
--
"Never underestimate the power of human stupidity" -- L. Lang

