lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAPKFLCSmGipHsG8PUt0PgGznxSFj8N47EGSa0XVt-coXrYrFbA@mail.gmail.com>
Date: Sun, 28 Sep 2025 11:11:31 +1000
From: Sebastian Ramadan <slay.sebbeh@...il.com>
To: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Reputable quotes on why Palmers approach is FAR better than Linus'

Hi all,

Granted, it's not perfect but... I wanted to clarify why Palmers
portable macro approach is generally FAR better than Linus’
alternative inlined nonportable approach, using quotes only from
authoritative resources and world-renowned experts to show how out of
line Linus' tantrum was.

"The key to maintainability and reliability is to avoid duplication of
logic. Reusing code reduces the chance of introducing errors and makes
it easier to fix bugs in one place." — Martin Fowler, Refactoring:
Improving the Design of Existing Code

"The result of E1 << E2 is undefined if E2 is negative or greater than
or equal to the width in bits of the promoted E1." — ISO/IEC
9899:2018, §6.5.7 Bitwise shift operators

"Undefined behavior means the program may do anything: crash, produce
wrong results, corrupt memory, or open security vulnerabilities. In
critical systems, this unpredictability is unacceptable and can have
lethal consequences."
— Bjarne Stroustrup, Creator of C++

"Software developers who fail to adhere to industry standards or who
produce software with undefined or nonportable constructs expose
themselves and their organizations to liability claims, costly
lawsuits, and irreparable reputational damage." — Gary McGraw,
Security Expert and Author of ‘Software Security: Building Security
In’

"Undefined behavior is the bane of debugging; encapsulating risky
operations within well-tested macros or functions saves time by
localizing and eliminating sources of errors." — Bjarne Stroustrup,
The C++ Programming Language, 4th Ed.

"Non-compliance with standards, including the use of undefined or
implementation-defined behavior, has led to catastrophic failures in
safety-critical systems, causing loss of life and significant property
damage." — MISRA C:2012, Foreword

"When bugs are hidden deep inside repeated code patterns or scattered
inline code, the time spent debugging multiplies exponentially.
Encapsulation reduces the debugging surface and avoids cascades of
failures." — Steve McConnell, Code Complete, 2nd Ed.

"Clean, reusable abstractions with well-defined behavior act as
contracts that developers can rely on without re-verifying every
usage, significantly reducing debugging time and effort." — Robert C.
Martin, Clean Code, 2008

"Undefined behavior is particularly dangerous because it can cause
errors that are not reproducible, causing cascading failures that are
very expensive to diagnose and fix." — WG14 N2341

"In safety-critical systems, failure to comply with standards can
result in catastrophic consequences including loss of life, severe
injury, or substantial property damage." — ISO 26262: Road vehicles –
Functional safety (ISO Standard)

"Undefined behavior in software is a ticking time bomb — it can cause
unpredictable and dangerous results, especially in embedded and
safety-critical systems where such behavior can lead to system
failures with severe consequences." — Herb Sutter, C++ Expert and
Chair of ISO C++ Committee

"Software defects arising from noncompliance with standards or from
relying on undefined or implementation-dependent behaviors can lead to
fatal accidents in medical devices and aerospace control systems." —
Nancy Leveson, Professor at MIT, author of ‘Safeware: System Safety
and Computers’

"Standards provide a baseline for predictable, reliable software
behavior. When developers ignore these standards or use nonportable
constructs, they undermine the foundation of software safety,
increasing the likelihood of serious injury, death, or loss of
expensive equipment." — John McDermid, Professor of Software
Engineering and Safety-Critical Systems Expert

"The Therac-25 radiation therapy machine accidents, caused by software
errors and inadequate adherence to standards, resulted in multiple
patient deaths, highlighting the deadly consequences of poor software
engineering practices." — Nancy Leveson, ‘Engineering a Safer World’

"The FAA mandates strict adherence to software standards like DO-178C
precisely because deviations, including undefined or nonportable
behaviors, have in the past led to software-induced accidents and
near-disasters." — Federal Aviation Administration (FAA), Advisory
Circular 20-115C

In summary, we can see from quotes of our educators that Palmers
approach reduces portability errors and debugging significantly, which
then reduces the number of lawsuits we programmers may find ourselves
in due to actual damage and death, whereas Linus' approach is the
opposite and not generally what businesses want.

Regards, Sebastian.

P.S. stop discouraging us from following industry best practices,
Linus. This email sets the stage for you to be sued if that
repetitious and subtly broken pattern causes instability and/or actual
harm. You can't stand in court and say you've not been warned, now...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ