lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 29 Oct 2004 15:38:51 -0400
From: Valdis.Kletnieks@...edu
To: David Brodbeck <DavidB@...l.interclean.com>
Cc: "'Tim Newsham'" <newsham@...a.net>,
	Michael Wojcik <Michael.Wojcik@...rofocus.com>,
	bugtraq@...urityfocus.com
Subject: Re: Update: Web browsers - a mini-farce (MSIE gives in)

On Fri, 29 Oct 2004 15:25:26 EDT, David Brodbeck said:

> This suggests that it's reasonable for a program to segfault because the
> user made a mistake, instead of having some non-fatal form of error
> handling.  I don't think that should be acceptable at all, though I agree
> it's very common.  If I had a dollar for every time I've lost work because a
> segfault or GPF happened before I saved my document...

The problem is that if you say "it isn't acceptable at all", then you *VERY*
quickly end up with almost *NO* software that's "acceptable".

All software is buggy. *ALL* of it.  Learn to accept it. Making a "this is not
acceptable" declaration about something that in general is not totally
preventable is just doomed to failure.

Also, remember that programmer time is *FINITE*.  Would you have been willing
to not have the last 3 "this is indispensable" features in your favorite
software in order that the programmers track down every single possible
failure mode?  Would you give up 2? 1?

Most software projects could probably fairly easily eliminate (rough guess)
some 75-90% of the really bonehead errors via better programming methodology
and automated software testers/verifiers - but after that, it's going to be
*really* hard to get much further improvement.

There are no silver bullets....


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ