Re: [Jchat] resilient coding practices for the internet age

Fri, 17 Nov 2017 01:39:59 -0800 

Hi all!
I talked to a person who worked with security for the Swedish secret service. 


According to him SELINUX could not be trusted since NSA participated in 
the development.


Which software can you trust and use? On which platform can you work?


If the secret services of a country wants some information, they could 
get it from any company within its jurisdiction?


NSA wants everything?

Which company can you trust?


Every piece of information that passes a country border is filtered and 
what NSA wants is sent to them?


Can you use cloud services?


Every character written in the address field in a browser is sent 
directly to Google?


Can you use web systems?


Long ago most programs was Cobol. Mainly move sentences anyone could 
read and control. I worked 5 years on IBM systems and hit ONE(1) 
platform problem. I guess it was a memory problem in the mainframe.



Now most programs are so complex no one could understand them entirely? 
A totally uncomprehensive mess full of bugs? You are at the mercy of the 
development environment? If it does not find the bugs you couldn't? And 
the development environment does not find them all?



So, however much you know, however clever you are and however much you 
try to write a self-documented, commented, documented, readable, simple, 
well tested program which follows all development and security best 
practices you are not going to be able to write a resilient program?



J has one clue to a possible solution - you get rid of all or most 
control structures - where you could otherwise plant bugs.



Another clue is to have a development environment tailored to the 
specific problem domain. If you want a specific functionality there is 
only one way to create it :) If it works you did it right.


Cheers,

Erling Hellenäs

Den 2017-11-16 kl. 20:23, skrev Raul Miller:

Eh... well, I suppose you could say the same thing of the entire internet.

The internet, after all, had its origins as a DARPA project - that's
the USA Department of Defense's Advance Research Project Agency...

My question, though, is how to make our parts of it resilient to
malware and so on.

Thanks,



----------------------------------------------------------------------
For information about J forums see http://www.jsoftware.com/forums.htm























					Reply via email to