Classic Computer Vulnerability Analysis Revisited

← Back to Stories (view on slashdot.org)

Classic Computer Vulnerability Analysis Revisited

Posted by timothy on Monday September 9, 2002 @07:38AM from the mr-potatohead-mr-potatohead dept.

redtail writes "The original authors of the classic vulnerability analysis of Multics have revisited the lessons learned almost thirty years later. Their new paper, along with the original vulnerability analysis is published here by IBM. The original vulnerability analysis inspired the self-inserting compiler back door described by Ken Thompson in his Turing Award Lecture. "

2 of 173 comments (clear)

Min score:

Reason:

Sort:

Re:Uhhh... Multics?! Yeah, there's a lesson there. by Usquebaugh · 2002-09-09 08:14 · Score: 1, Flamebait

Hmm, I think you better run off and get back to class. Kinder garden class that is.

Look up the history of Multics. What came before Multics?
*Sigh*... by theonomist · 2002-09-09 08:39 · Score: 0, Flamebait

Do you mean Multices was [blah blah web web blah McNealy marketing blah blah]...?

No, I mean it was a grotesquely overengineered fiasco which never had any practical use, just like Java. In both cases, the design was finalized before it was implemented. In both cases, hubris took over. Compare to successful operating systems like UNIX (or even Windows: Windows may be a dog, but people do at least find it usable), or to successful programming languages like C or that ugly little monstrosity Perl.

The verdict of history seems to be that good software designs start out relatively modest, and then they grow and change as people use them in the real world. Neither Multics nor Java was designed that way, and it shows.

Some people have found Java useful for some applications. So? That's also true of Smalltalk. It's true of batch files, for God's sake. Sun's multimillion-dollar advertising push has produced a resounding indifference among damn near everybody who actually writes code.

Java had two reasons for existing. One: Cross-platform binaries. That was a total failure. So they want us to use it on servers now -- where cross-platform binaries are irrelevant and the order-of-magnitude speed penalty of the JVM over native code is therefore totally unnecessary (yes, and Sun's marketing always did, and still does, conflate the AWT, the JVM, and the language itself, which is just plain annoying). Two: An OOP language with garbage collection and with a crude pretense of having no pointers. Well, okay, Point Two may have some value, if you've got a real low forehead and you can't cope with pointers or the delete operator, but it's not worth all that much in the end. Let's face it, pointers aren't hard to deal with. If you can't cope with pointers, you've got no business calling yourself a programmer anyhow. The "no-pointers" gibberish suggests that Java was aimed at the idiot market, but the idiots are saturated with Visual Basic already.

Java was a product of the reality-proof Internet hype of the late '90's. It was on life-support from day one. Let it die in peace.

--
"Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive" -- hey, that's me!