Re: [SC-L] Genotypes and Phenotypes

2009-10-18 Thread Andy Steingruebl
On Mon, Oct 12, 2009 at 9:55 AM, Gunnar Peterson wrote:
> It's been a while since there was a bugs vs flaws debate, so here is a snippet
> from Jaron Lanier
> A: No, no, they're not. What's the difference between a bug and a variation
> or an imperfection? If you think about it, if you make a small change to a
> program, it can result in an enormous change in what the program does. If
> nature worked that way, the universe would crash all the time. Certainly
> there wouldn't be any evolution or life. There's something about the way
> complexity builds up in nature so that if you have a small change, it
> results in sufficiently small results; it's possible to have incremental
> evolution. Right now, we have a little bit -- not total -- but a little bit
> of linearity in the connection between genotype and phenotype, if you want
> to speak in those terms. But in software, there's a chaotic relationship
> between the source code (the "genotype") and the observed effects of
> programs -- what you might call the "phenotype" of a program.


Is this really true though?  A small change in libc doesn't change the
whole look and feel of a word processing program.  It looks exactly
the same, but maybe behaves very slightly differently over a small
range of inputs, etc.

And, while not being an expert in biology, I'm quite certain that
there are very minor mutations in certain key places that result in
complete system failure or almost entirely fatal diseases, conditions,
etc.

Is the complexity and expression of it really the key piece here?  Or
is it general resilience against failure, complexity spread out so
that the common enemies (transcription errors in one place) aren't
fatal?  The system is designed against different threat models.

-- 
Andy Steingruebl
stein...@gmail.com
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


Re: [SC-L] new job!

2009-10-18 Thread Benjamin Tomhave
Ditto on the new job for me, too! (thanks for reminder Dave)

I've taken a position with Foreground Security and will also be moving
back to NoVA. I start Monday and the movers come next Saturday. :)

Looks like Dave and I need to put our heads together and host a
NoVA-based "thank you" happy hour. :)

-ben

SC-L Reader Dave Aronson wrote:
> Since the Powers that Be let me post my plea for job help, I figured
> I'd let y'all know the outcome.
> 
> Long story short, I have accepted a position at Comcast, in the
> National Engineering and Technical Operations group, in Herndon VA
> (possibly moving to Reston VA soonish), starting in probably a week or
> two.  I will no longer be in a position related to security, but will
> still participate here, and in the broader secure coding community, as
> time allows -- and keep trying to spread the gospel.  ;-)
> 
> Thanks for all your help,
> Dave
> 

-- 
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave

[ Random Quote: ]
"Practice does not make perfect. Only perfect practice makes perfect."
Vince Lombardi