[langsec-discuss] a question on code volume
matt at nycresistor.com
Sun Jan 4 20:52:03 UTC 2015
qmail is a pita to configure and use. usability is a much greater factor
in adoption than security. whether you like that or not.
On Sun, Jan 4, 2015 at 3:41 PM, Chris Palmer <snackypants at gmail.com> wrote:
> On Sun, Jan 4, 2015 at 11:05 AM, Rik Farrow <rik at rikfarrow.com> wrote:
> > And it's not how I want my car to run, or even my cell phone. Both are
> > vastly more complex than qmail, but having my car decide to die while
> > I am navigating during rush hour could result in people dying.
> Nobody is saying your car should stop running immediately on the first
> problem. That's not how qmail works, either. Instead, errors are
> logged and propagated up the call tree, and the callers keep trying.
> At the top of the call tree is the human operator; but transient and
> recoverable errors likely never make it up that high.
> And, yes, your cell phone (and laptop) often already does work in that
> way: init spawns daemons like rild (radio interface layer daemon) and
> watches to see if rild has died.
> The proposition is that things like rild should simplify by relying on
> the interface guarantee of init ("I will restart you"), rather than
> going through contortions (that are themselves likely to create more
> bugs or operational mishaps) to try to repair.
> This is explained in the crash-only paper; nobody is saying "Go ahead and
> let people die every time write(2) gets EINTR."
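The restart-instead-of-repair arrangement described in the quoted reply, sketched in C as an added example; it is not code from the thread, qmail, init or rild. The names `write_all`, `flaky_worker`, `always_failing_worker` and `supervise`, and passing the start count into the worker, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Transient error handled where it occurs: retry write(2) on EINTR.
 * Anything else is returned to the caller, not repaired here. */
int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR) continue;   /* transient: try again */
            return -1;                      /* propagate up the call tree */
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Hypothetical worker (constructed): its first two starts hit a state it
 * makes no attempt to repair, so it logs the problem and exits. */
int flaky_worker(int attempt) {
    if (attempt < 2) {
        fprintf(stderr, "worker: unrecoverable state on start %d\n", attempt);
        return 1;
    }
    return write_all(STDERR_FILENO, "worker: ok\n", 11) == 0 ? 0 : 1;
}

int always_failing_worker(int attempt) { (void)attempt; return 1; }

/* Supervisor side of the "I will restart you" guarantee. Returns the number
 * of restarts needed before a clean exit, or -1 once max_restarts is used
 * up, which is where the error finally reaches the human operator. */
int supervise(int (*worker)(int), int max_restarts) {
    for (int attempt = 0; attempt <= max_restarts; attempt++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) _exit(worker(attempt));   /* child: run, then die */
        int status; pid_t r;
        do { r = waitpid(pid, &status, 0); } while (r < 0 && errno == EINTR);
        if (r < 0) return -1;
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return attempt;
        fprintf(stderr, "supervisor: worker died, restarting\n");
    }
    return -1;
}
```

The worker contains no recovery logic of its own; the only retry it performs is the EINTR loop, and everything else is left to the supervisor's restart.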