Tobias,
I pretty agree with your response. I was trying to challenge the
entire audience to think about the issue about software
correctness(e.g. strong typefullness (and static type checking) like
Haskell, et. al. vs no type-checking/ dynamic type checking). My point
is how can we as a community respond to Google's challenge?? In my
humble opinion (IMHO) I think Google has missed the point regarding
contemporary software correctness problems .. (and also the Tor
project . given the languages of implementation) ..
Here is a very simple and cheesy example .. I worked at HP on a
contract .. . a predecessor of mine used with typefullnes of C++ (I
thinking using type casting ) and did a buffer overrun of "heap"
allocated that corrupted "the heap allocator metadata" (malloc) ....
of course I used to "gdb" to do a "postmordum after the patient died"
... IHMO I would been more happier if this "overrun" had been detected
at compile-tyime .. due to static strong type checking ... :-)
Alll grammer errors are due to my cat Buddy ...
Vasya
On Thu, Jul 31, 2014 at 5:24 AM, Tobias Dammers
The way I read that article, those are two very different goals and approaches.
The "Project Zero" thing seems to be about subjecting "everything" to thorough security checking by the best experts Google can buy, in order to fix as many security problems on the internet as they possibly can.
The software correctness problem is somewhat related, but not entirely - not all security problems are software bugs, and not all software bugs are security problems.
On a side note, I think both problems are inherently unsolvable - we can go a long way cleaning up the solvable problems, and building an infrastructure that avoids them by design, but some potential for bugs and flaws will always remain, at least as long as we're using reasonable definitions of "programming" and "software".
On Wed, Jul 30, 2014 at 10:08:06PM -0500, Vasili I. Galchin wrote:
Hello Haskellers(and all FPL people),
I just ran across the following effort by Google: http://blogs.techworld.com/war-on-error/2014/07/googles-project-zero-flaw-pr...
It seems to me that www.galois.com(www.janestreetcapital.com) realizes that the solution to software correctness problems doesn't lie with uncontrolled "mutability" ...
Question: does Google concur with www.galois.com or google's effort just "more of the same"??
Vasili _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe