[M3devel] Heartbleed, initialization, and Modula-3
Dragiša Durić
dragisha at m3w.org
Thu Jun 5 11:18:21 CEST 2014
In my experience, big strength of Modula-3, safety-wise, is easy isolation of unsafe code. I like to separate single unsafe method to separate source file, implementing same interface in two or more source files, with only one of them unsafe. This drastically eases code review, and code review is another important step which failed in this Heartbleed case.
C is unsafe at scale of 100%. What are we exactly reviewing when we review C code safety? Decision to use it in first place?
dd
On 05 Jun 2014, at 10:51, Henning Thielemann <schlepptop at henning-thielemann.de> wrote:
> Am 05.06.2014 00:39, schrieb Rodney M. Bates:
>
>> Olaf's recent mention of safe languages and Heartbleed prompted me to
>> look into the specifics of the bug, particularly to see what Modula-3
>> might have done to prevent it.
>
> My general experience is that a language is only as safe as the programmer wants to. You can add as many safety belts as you like, a careless programmer will always find a way to remove them. I consider the value of safe languages the other way round: A careful programmer can get a lot of security support from a safe language.
>
> The programmer of the heartbleed bug was criticized for rating performance higher than security and other things. There would have been ways to prevent that bug even in C.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://m3lists.elegosoft.com/pipermail/m3devel/attachments/20140605/c2b4215c/attachment-0002.sig>
More information about the M3devel
mailing list