[langsec-discuss] a question on code volume
rik at rikfarrow.com
Sun Jan 4 19:05:32 UTC 2015

Given how secure qmail or djbdns are, ever wonder why they aren't more
popular? Lack of flexibility is a real killer, but the simplicity
found in djb's work is also its best feature.

Crash-only design is part of that simplicity. It is certainly an
interesting way to create robustness--through failure.

And it's not how I want my car to run, or even my cell phone. Both are
vastly more complex than qmail, but having my car decide to die while
I am navigating during rush hour could result in people dying.

We need our distributed software to be more robust to failures,
whether when opening a file or dealing with perhaps deliberately
malformed input. DJB's ideas are important, but not something to

On Wed, Dec 31, 2014 at 1:49 PM, Chris Palmer <snackypants at gmail.com> wrote:
> On Wed, Dec 31, 2014 at 10:10 AM, Rik Farrow <rik at rikfarrow.com> wrote:
>> Wow. I suggest you read this paper:
> Did you read the crash-only paper?
>> Really, why crash when you fail to open a file or obtain a lock?
> Consider the design of qmail.