:: Re: [DNG] Nasty Linux systemd secur…
Top Page
Delete this message
Reply to this message
Author: Rowland Penny
Date:  
To: dng
Subject: Re: [DNG] Nasty Linux systemd security bug revealed
On Mon, 2021-07-26 at 16:33 +0000, g4sra via Dng wrote:
> On Monday, July 26th, 2021 at 4:48 PM, Steve Litt <
> slitt@???> wrote:
> > Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200
> >
> > > My feeling is, that you can not simply teach someone how to write
> > > safe software.
> > Why not? You can teach a person to do anything else. But maybe not
> > in
> > college, because college is built to make money, not to teach.
> > Consider
> > the average textbook and compare to the average "For Dummies" book.
> > The
> > former makes the subject matter look incredibly complex, justifying
> > the
> > professor. The latter makes it easy to learn.
> > What is needed is a curated document explaining the five or ten or
> > twenty things you need to do to be secure, and then how to achieve
> > them
> > in a practical world.
> Software is far too complex to be audited by following a fixed set of
> generic rules,
> otherwise someone would have already written software that can do
> exactly that.
> We have some tools, but they are incomplete and fallible.
>
> The personality of the individual is key, which is why not anyone can
> learn to program safely.
> I witnessed an individual sail through and get top marks at college,
> they had an eidetic mind.
> They could recall any fact they had been told\read instantly and
> accurately.
> But they had no creativity and could be easily tripped up with the
> simplest of problems if they had not seen it before.
>
>
> > Let's start with input field cleansing and
> > protection from errant pointers and buffer overflow. There are many
> > more:
> Yeah, that's what they taught me at college :).
>
> > It takes some effort to learn, but I doubt it's rocket science
> Which is why they call it Computer Science, it's harder.
> Rocket Science has a formula for everything, even the top AI experts
> cannot formulate the intricacies of a Neural Net program.
>
> > and one certainly doesn't need to come from a family who can fund
> > college plus living expenses for 4 years, or 7, or whatever.
> Agreed, we must have all at least heard of Kevin Mitnick,


There you go with assumptions, something you should never do. I have
absolutely no idea who Kevin Mitnick is, I had never heard that name
until you posted it.

Rowland

> who as a teenager learnt from his dad, a security expert.
> How executing software processes what you enter into it is as much a
> security concern as the source code.
> > SteveT
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng