[langsec-discuss] a question on code volume

Rik Farrow rik at rikfarrow.com
Sun Jan 4 19:05:32 UTC 2015


Chris:

Given how secure qmail or djbdns are, ever wonder why they aren't more
popular? Lack of flexibility is a real killer, but the simplicity
found in djb's work is also its best feature.

Crash-only design is part of that simplicity. It is certainly an
interesting way to create robustness--through failure.

And it's not how I want my car to run, or even my cell phone. Both are
vastly more complex than qmail, but having my car decide to die while
I am navigating during rush hour could result in people dying.

We need our distributed software to be more robust to failures,
whether when opening a file or dealing with perhaps deliberately
malformed input. DJB's ideas are important, but not something to
worship.

Rik


On Wed, Dec 31, 2014 at 1:49 PM, Chris Palmer <snackypants at gmail.com> wrote:
> On Wed, Dec 31, 2014 at 10:10 AM, Rik Farrow <rik at rikfarrow.com> wrote:
>
>> Wow. I suggest you read this paper:
>
> Did you read the crash-only paper?
>
>> Really, why crash when you fail to open a file or obtain a lock?
>
> Consider the design of qmail.
>
>
> --
> http://noncombatant.org/
