On Tue, 16 May 2000, you wrote:
> Derek Martin says:
>        And as the article you ponted to earlier suggests, an organization can
>        write perfect, bug-free code.  They simply need to make the commitment to
>        do it.  I agree wholeheartedly that the design process is the key.  If
>        your process is bad, your software will be too, except perhaps completely
>        by accident.
> 
> Well, actually, on an MS system, you can't.   It's  not  possible  to
> write  any  software  at all without calling lower-level software, at
> least at the system-call level, and usually at the  run-time  library
> level. And since you can't know what that does (because you can't see
> the source code), you can't rely on your understanding of  the  lower
> levels  being correct.  While it's possible to design tests of the OS
> and libraries, the number of possible paths is so large that it would
> take  millenia  to run them on even the fastest machines.  So without
> access to the lower-level source code, all other code's  behavior  is
> inherently unpredictable.
> 
> This is essentially the same argument that  security  analysts  often
> use:   If you want your computer to do only what you tell it, with no
> surprises, you must have access to the software and hardware specs at
> all  levels  down to the very lowest IC logic.  If you don't have all
> the details on something that you call, you can't know its  behavior,
> and you can't predict the behavior of anything that that uses it.
> 
> Software on an Open Source  platform  is  knowable  and  reliable  in
> principle,  because you can get at the code for all the lower levels.> 

Sort of true in practice, possibly not in principle.
See http://www.acm.org/classics/sep95/

While this makes even open software suspect, it certainly make me glad it
exists.


> If it's on undocumented hardware, then you do have the same  problem,
> of  course,  at a level below the software.  But software on a secret
> platform like MS systems can't be made reliable  even  in  principle,
> due to the unknowable behavior of the OS and the libraries.





--
Standard is better than better.  If your web page cares what browser I'm using
it's broken.
[EMAIL PROTECTED]

**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************

Reply via email to