[langsec-discuss] a question on code volume

matt matt at nycresistor.com
Sun Jan 4 20:52:03 UTC 2015


qmail is a pita to configure and use.  usability is a much greater factor
in adoption than security.  whether you like that or not.

On Sun, Jan 4, 2015 at 3:41 PM, Chris Palmer <snackypants at gmail.com> wrote:

> On Sun, Jan 4, 2015 at 11:05 AM, Rik Farrow <rik at rikfarrow.com> wrote:
>
> > And it's not how I want my car to run, or even my cell phone. Both are
> > vastly more complex than qmail, but having my car decide to die while
> > I am navigating during rush hour could result in people dying.
>
> Nobody is saying your car should stop running immediately on the first
> problem. That's not how qmail works, either. Instead, errors are
> logged and propagated up the call tree, and the callers keep trying.
> At the top of the call tree is the human operator; but transient and
> recoverable errors likely never make it up that high.
>
> And, yes, your cell phone (and laptop) often already does work in that
> way: init spawns daemons like rild (radio interface layer daemon) and
> watches to see if rild has died.
>
> The proposition is that things like rild should simplify by relying on
> the interface guarantee of init ("I will restart you"), rather than
> going through contortions (that are themselves likely to create more
> bugs or operational mishaps) to try to repair.
>
> This is explained in the crash-only paper; nobody is saying "Go ahead and
> let people die every time write(2) gets EINTR."
>
>
> --
> http://noncombatant.org/