Comments

DHS Investigates 24 Potentially Lethal IoT Medical Devices

naasking Re:Since these people still don't get it.... (79 comments)

Good luck starting a security company with the slogan "We provide 90% security!"

I don't know what you're talking about. If anything, that would be "90% fewer security vulnerabilities", which sounds like perfectly good marketing.

I do use Haskell myself for certain things, and I can tell you it's no problem creating insecure applications in Haskell.

I never said Haskell was the perfect language, just that it provides good examples of achieving the needed safety properties, in that it can be extended to verify many properties that may be of interest. I didn't define "safe" in my original post, as the required "safety" properties are domain-specific. Memory safety is the minimum needed, which would automatically handle one of the most common vulnerabilities in single programs (buffer overflows). A language that can be used to specify and check the required properties is a "safe" language for a given domain. Many languages fit most problems, few languages may be safe for all problems (although possibly undesirable for other reasons).

If all we had were Haskell's DoS vulnerabilities, we would be in a much better place.

Most exploits are due to human errors they could have done in any language

Not a chance. Here's a list of the top 25 exploits from 2011. From this list, numbers 3 and 20 would have been solved right away by using any memory safe language. Most memory safe languages also implement overflow checking, so that's 24 off too.

Languages featuring parametric polymorphism can tag unsafe values received as user inputs, so you can easily solve vulnerabilities 1, 2, 10, 14, 22, and 23 (all you really need is parametric polymorphism -- I've even done this in C#).

The crypto entries can be handled with session types that expect encrypted packets, not plaintext. Even the selection of appropriate crypto algorithm can be constrained by various parameters and checked at compile-time, ie. a Haskell type class constraint could specify a whitelist of unbroken crypto algorithms for unrestricted use, and those which are only good in restricted scenarios.

Design by contract can handle precondition violations, ie. #18, and such contracts can be statically checked these days in Haskell, C# and Ada.

A capability-secure language would handle the rest (mainly "porous defense" category remains). Few languages implement full capability security properties, and they remain vulnerable to the extent that they violate those principles.

The point is that the needed safety properties to address most common security vulnerabilities have been known for decades. Capability security was invented in the 1960s, and memory safety has been available since the first Lisp. Unfortunately, many programmers aren't interested in safety properties because they're focused too much on raw speed, but don't want to spend the verification effort to use that speed safely (Frama-C or Ada), or they want to avoid all verification effort period (dynamically typed languages).

3 days ago

DHS Investigates 24 Potentially Lethal IoT Medical Devices

naasking Re:Since these people still don't get it.... (79 comments)

And that you know of. The problem is that you do not know everything.

No, that's not how it works. You don't outlaw all possible bad behaviours, you enable only the behaviours you want to achieve the features you need. Everything else is forbidden statically.

3 days ago

DHS Investigates 24 Potentially Lethal IoT Medical Devices

naasking Re:Since these people still don't get it.... (79 comments)

My point is that you can't depend on the language to protect you. I'm not saying you should ignore good technology choices because you know better than those crazy compiler people. But I do not believe that it is possible to create something that is completely unhackable.

With a theorem prover like Coq, you can statically check any property you want. So you'll have to more precisely define "unhackable" before "it is impossible to create something that is completely unhackable" can have a truth value.

If used extensively, the only bugs you can introduce with a theorem prover are specification bugs, ie. we implemented X but actually need Y. This can certainly introduce exploits in the sense of customer surprise that say, some private information is revealed when they didn't expect it, but I'm not sure I would call this a hack. The device is working perfectly as expected, it's the expectations themselves that were wrong.

3 days ago

DHS Investigates 24 Potentially Lethal IoT Medical Devices

naasking Re:Since these people still don't get it.... (79 comments)

Don't be naive... security is a deep and subtle problem, full of nasty surprises. There is no magic bullet solution... your "safe programming language" has thousands of bugs in its standard API and run-time

I think you should update your knowledge of this field. Then you should also realize that over 90% of security vulnerabilities in programs written in unsafe languages wouldn't have occurred with safe languages. And of the vulnerabilities among safe languages, 90% of those wouldn't have occurred if they were designed to be capability secure (which is just another safety property most languages ignore).

it won't prevent devs from concatenating SQL with user input

You can't do this in, say Haskell, unless you write your own SQL interface library that builds solely on strings.

misusing threading primitives

You can't do this in concurrent safe languages, like Concurrent ML, Rust and Haskell.

bungling up an authentication protocol

Session types, which Haskell can verify too. Of course, all of these safety properties are encodable in even more powerful systems, like Agda or Coq.

you must at minimum use an approach where (1) security is a primary design concern thru the entire product lifecycle, (2) security solutions are deployed in a structured/layered approach using (3) actual expertise, and (4) security is an ongoing program with both proactive and reactive elements.

So basically, safety properties have importance on par with domain requirements, and must be subject to the same rigour that domain features get, ie. testing, verification, etc. So basically, the safer the language, in the sense that the more properties can be assured at compile-time, the more features and safety properties you can verify, and the fewer security vulnerabilities.

3 days ago
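
An added example, not part of the original comments and not naasking's code: the input-tagging idea from the first comment on this page and the SQL concatenation point in the comment just above, sketched in Rust. The `taint` module, `Input`, `Query` and the username rule are hypothetical names chosen for illustration.

```rust
// Added illustration; every name here (taint, Input, Query, the username rule) is hypothetical.
mod taint {
    use std::marker::PhantomData;
    pub struct Untrusted; // state markers: the trust level lives in the type
    pub struct Validated;
    /// `raw` is private, so code outside this module cannot read an untrusted
    /// value or forge a validated one.
    pub struct Input<S> { raw: String, _s: PhantomData<S> }

    impl Input<Untrusted> {
        /// Everything received from the user enters here.
        pub fn from_user(raw: &str) -> Self { Input { raw: raw.to_string(), _s: PhantomData } }
        /// The only Untrusted -> Validated path: an allow-list check.
        pub fn validate_username(self) -> Result<Input<Validated>, String> {
            let ok = !self.raw.is_empty() && self.raw.len() <= 32
                && self.raw.chars().all(|c| c.is_ascii_alphanumeric() || c == '_');
            if ok { Ok(Input { raw: self.raw, _s: PhantomData }) } else { Err("rejected".into()) }
        }
    }
    impl Input<Validated> {
        pub fn as_str(&self) -> &str { &self.raw }
    }

    /// SQL text must be a `&'static str` (in practice a literal); user data can
    /// only travel as a bound parameter, whatever its trust state.
    pub struct Query { pub sql: &'static str, pub params: Vec<String> }
    impl Query {
        pub fn new(sql: &'static str) -> Self { Query { sql, params: Vec::new() } }
        pub fn bind<S>(mut self, v: Input<S>) -> Self { self.params.push(v.raw); self }
    }
}
use taint::{Input, Query};

fn lookup(raw: &str) -> Query {
    Query::new("SELECT id FROM users WHERE name = ?").bind(Input::from_user(raw))
}
fn greet(raw: &str) -> Result<String, String> {
    let name = Input::from_user(raw).validate_username()?;
    Ok(format!("hello {}", name.as_str()))
}
// Rejected by the compiler: Input<Untrusted> has no as_str(), and Query::new
// will not take the temporary String that format! produces.
// let q = Query::new(&format!("... name = '{}'", Input::from_user(raw).as_str()));

fn main() {
    let q = lookup("x' OR '1'='1"); // constructed sample input
    println!("{} {:?}", q.sql, q.params);
    println!("{:?} {:?}", greet("alice_01"), greet("x' OR '1'='1"));
}
```

The guarantee holds only as long as no code in the module hands out `raw` directly; a helper that returned the untrusted string would reopen the string-building path the comment describes.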

DHS Investigates 24 Potentially Lethal IoT Medical Devices

naasking Re:Since these people still don't get it.... (79 comments)

Last I checked, programming languages are designed and implemented by human beings. Even if a programming language can decrease your attack surface, there could still be an exploit associated with the interpreter/compiler or a mistake in implementation of the language.

That's what theorem provers are for. The seL4 microkernel was just formally verified as correct, we have verified C compilers, we have C verification tools (Frama-C for instance), and we have higher level, safer languages even at the systems level (Ada and Spark-Ada). This isn't an open theoretical CS question anymore, these technologies can and have been used very successfully to produce formally verified software, but the inertia behind outdated technologies and the hubris of developers who think they know better will continue to result in exploitable software.

The idea that there's a non-zero probability that your compiler, the theorem prover used to certify it, and the theorem prover used to certify that theorem prover, may all have a bug that coincidentally permits an exploit is about as meaningful as the argument that hypothetically, QM implies there's a non-zero probability that you could spontaneously be transported to the surface of the sun.

3 days ago

DHS Investigates 24 Potentially Lethal IoT Medical Devices

naasking Re:Since these people still don't get it.... (79 comments)

Anything computerized with a network connection can (and most likely WILL) be hacked...

Not if you take appropriate precautions, like using a safe programming language.

3 days ago

Fusion Reactor Concept Could Be Cheaper Than Coal

naasking Re:The $50,000 question... more energy out than in (315 comments)

Costs are a big issue, but the problem with fusion is getting more energy than is put in... and keeping that reaction sustained indefinitely.

I think the real problem is how much we've fixated on only one or two fusion reactor designs for decades. Plasmas are hard to control, hence why it's taking so long to materialize real fusion power. They've pursued the Tokamak too long I think, but they keep going after it because they're already so heavily invested. Time for some fresh thinking.

about two weeks ago

Rosetta Code Study Weighs In On the Programming Language Debate

naasking Re:Who cares about succinctness .... (165 comments)

especially if it makes the code unreadable. Give me the verbose, easy to read code any time

So I can surmise that you program in Ada?

about a month ago

Link Between Salt and High Blood Pressure 'Overstated'

naasking Re: I can simply ignore all health and diet advice (291 comments)

Cigarettes are undeniably bad. So are trans-fats, alcohol overconsumption, and too much stress.

The existence of stressors is not necessarily bad. How you deal with stress is more important.

about a month and a half ago

California DMV Told Google Cars Still Need Steering Wheels

naasking Re:Backward-thinking by the DMV (506 comments)

I've yet to see the logs of timestamps when the drivers took control, so until then I see no reason for treating this as anything other than two professional drivers driving 700,000 miles.

The mileage is how much the cars drove themselves. Go read the links on wikipedia.

about 2 months ago

California DMV Told Google Cars Still Need Steering Wheels

naasking Re:Backward-thinking by the DMV (506 comments)

No need to guess, the tests are well documented. Driverless cars have achieved 700,000 miles, incident-free.

As for frozen sensors, freezing is no more a problem for sensors than it is for your eyes. A heating element will keep any sensor free of ice and snow, just like a car's internal heat keeps your eyes from freezing. It's merely a matter of engineering.

about a month ago

California DMV Told Google Cars Still Need Steering Wheels

naasking Re:Backward-thinking by the DMV (506 comments)

Autonomous cars need to prove that they're capable of being safer than operator-driven cars. Right now they haven't done so, and until there's data there will be a need for autonomous cars to be manually operatable.

Sure they have. Driverless cars have driven thousands of miles without making a single mistake. That error rate is already better than virtually any human could achieve.

about a month ago

Slashdot Asks: Should Schooling Be Year-Round?

naasking Re:No, school should not be year-round. (421 comments)

Kids should have at least a couple of months out of the year when they can just not worry about their studies and have fun and BE KIDS.

School should be year-round and only 4 days a week. Maybe a 2-3 week break like their parents too.

Long breaks are very detrimental to learning.

about 3 months ago

Idiot Leaves Driver's Seat In Self-Driving Infiniti, On the Highway

naasking Re:What a jackass (406 comments)

Errr, this wasn't a fully automated driver system, that's why the guy's actions were unsafe. Your conclusion does not follow.

Humans err far more often than automated systems do. Skepticism is warranted absent data, but the data supporting this conclusion is there, you're just ignorant of it.

about 3 months ago

Daniel Ellsberg: Snowden Would Not Get a Fair Trial – and Kerry Is Wrong

naasking Re:Ellsberg got a fair trial (519 comments)

Snowden made a decision to break the law because he believed his cause was good which justified breaking the law. What if the NSA used the same argument? What if they believe their cause is just as good and justified and more important than adhering to any laws?

Who is ultimately right is for the courts to decide. But the government will try its damndest to prevent the courts from ever seeing this kind of case, if they can help it.

about 5 months ago

Misogyny, Entitlement, and Nerds

naasking Re:No, he didn't. (1198 comments)

no he didn't. He doesn't understand the context and is using a specific type of crime as all crime, it is not.
For example, the paper does not include homicide. It's a report on interviewed victims, not a report of all violent crime.

Now that's just dishonest. digsbo said that "men are FAR more likely than women to be victims of violence, physical intimidation, violent crime, and other physical threats". dirk asked for evidence. The report digsbo cited, and the one he provided below, are exactly the evidence proving his claim.

Let's look at a more accurate and detailed review, shall we?

Now who's cherry-picking? This report is about domestic violence only, which is but a small subset of all "violence, physical intimidation, violent crimes and other physical threats". Overall, men are more likely to be both victims and perpetrators in our culture. The argument that women have to be more conscientious about their safety just doesn't seem justified by the evidence.

I agree with the use of #YesAllWomen to bring awareness to sexual harassment, which is still prevalent, but I disagree with its use to highlight some belief that women live under some vague but constant threat of male violence that the rest of us don't, like this tweet. If the message is more targeted at things like domestic violence, that's justified by the evidence.

about 5 months ago

Misogyny, Entitlement, and Nerds

naasking Re:What the f*$# is wrong with us? (1198 comments)

I don't buy for a second that men are more likely to be the victims of violence, intimidation and other physical threats. Men are more likely to do all of those, but they are more likely aimed at women.

digsbo already cited the relevant reference showing that men have more to fear from others than women do, but are you really so surprised that male on male violence is more prevalent than male on female? Who gets in more bar fights? Who is the more likely victim of gang violence? There's still a stigma around hitting women, so when tempers flare in any situation, who is more likely to receive a punch to the face?

You are basically calling the person feminine which is only an insult if you believe men are superior to women.

That's not how insults work. Sure, the people who started using that insult probably believed that, but words have momentum and growing up in a culture that uses some words derogatorily means you're simply more likely to use them that way when conveying an intention. That doesn't mean the user has given even a moment's thought to what's actually been said. Trying to tie this to some mental attitude towards women as a whole is weak at best.

about 5 months ago

Parenting Rewires the Male Brain

naasking Re:I believe it because.. (291 comments)

Is that a joke, kids can definitely do those things. They obviously can't go to as far of extremes as an adult can

You just explained it yourself, and the younger they are, the more limited you are. The original poster said that kids would interfere with their ability to travel, which as a general proposition is true, irrespective of the fact that it may not be true in specific circumstances.

about 5 months ago

Parenting Rewires the Male Brain

naasking Re:I don't doubt it. (291 comments)

What? The only symptom he listed that might be related was decreased interest in women. I've never seen any of those other symptoms listed in relation to depression.

about 5 months ago
