[Haskell-cafe] www.galois.com vs Google??

Vasili I. Galchin vigalchin at gmail.com
Fri Aug 1 08:53:04 UTC 2014


Tobias,

     I pretty agree with your response. I was  trying to challenge the
entire audience to think about the issue about software
correctness(e.g. strong typefullness (and static type checking) like
Haskell, et. al. vs no type-checking/ dynamic type checking). My point
is how can we as a community respond to Google's challenge?? In my
humble opinion (IMHO) I think Google has missed the point regarding
contemporary software correctness problems  .. (and also the Tor
project . given the languages of implementation) ..

       Here is a very simple and cheesy example .. I worked at HP on a
contract .. . a predecessor   of mine used with typefullnes of C++ (I
thinking using type casting ) and did a buffer overrun of "heap"
allocated that corrupted "the heap allocator metadata" (malloc) ....
of course I used to "gdb" to do a "postmordum after the patient died"
... IHMO I would been more happier if this "overrun" had been detected
at compile-tyime .. due to static strong type checking ... :-)

      Alll grammer errors are due to my cat Buddy ...

Vasya

On Thu, Jul 31, 2014 at 5:24 AM, Tobias Dammers <tdammers at gmail.com> wrote:
> The way I read that article, those are two very different goals and
> approaches.
>
> The "Project Zero" thing seems to be about subjecting "everything" to
> thorough security checking by the best experts Google can buy, in order
> to fix as many security problems on the internet as they possibly can.
>
> The software correctness problem is somewhat related, but not entirely -
> not all security problems are software bugs, and not all software bugs
> are security problems.
>
> On a side note, I think both problems are inherently unsolvable - we can
> go a long way cleaning up the solvable problems, and building an
> infrastructure that avoids them by design, but some potential for bugs
> and flaws will always remain, at least as long as we're using reasonable
> definitions of "programming" and "software".
>
> On Wed, Jul 30, 2014 at 10:08:06PM -0500, Vasili I. Galchin wrote:
>> Hello Haskellers(and all FPL people),
>>
>>         I just ran across the following effort by Google:
>> http://blogs.techworld.com/war-on-error/2014/07/googles-project-zero-flaw-programme-do-gooding-spin-or-a-much-needed-evolution/index.htm
>>
>>          It seems to me that www.galois.com(www.janestreetcapital.com)
>> realizes that the solution to software correctness problems doesn't
>> lie with uncontrolled "mutability" ...
>>
>>         Question: does Google concur with www.galois.com or google's
>> effort just "more of the same"??
>>
>> Vasili
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe at haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe


More information about the Haskell-Cafe mailing list