Re: Software Design (was: Re: [tlug] Confessions of a closet OpenBSDuser)



Uva Coder wrote:
> On Sun, Jun 30, 2002 at 02:38:13PM -0400, Josh Glover wrote:
> 
> 
>>I am not sure I follow, Uva? Are you saying that elegance does not 
>>matter, or that code can appear to be inelegant and really be elegant?
> 
> 
> No, here's an analogy. If you are a bridge builder and the basic
> fundamentals of your bridge design are flawed, then the plans should
> be sent back and revised. Entrusting that the bridge builder has the
> talent to build an elegant bridge doesn't matter if the bridge may
> eventually collapse due to poor design. To sit and blame the bridge
> building techniques doesn't sit well with me. I believe the problem
> actually lies in design, and not the construction. 

OK, then I just misunderstood you. This is an excellent analogy, and 
also just what I was saying: poor design is the root of the problems 
that *I* see with a lot of Open Source software.

The "bridge builders", as you have aptly dubbed them, are damned good at 
building bridges. They have not, however, been too good at the 
engineering legwork needed for a solid bridge design.

>>I mean, a webserver exploit is now a kernel exploit. That is *so* much 
>>worse than even a root exploit!
> 
> 
> This has become something similar to discussing theology; there is
> so much based on long established standards and thoughts. 

Yes, and I totally agree with you that fresh ideas are welcome in the 
security industry, and the software engineering one.

After all, Unix was not designed with security in mind. The fact that it 
has pretty good security (if the admin is willing to practise the black 
art) is due to a lot of hacking around the lack of serious security in 
Unix and a lot of elderly software (NFS, anyone?), and when weaknesses 
emerge, it is due to people finding chinks in the hacks. This is 
something that a good design would disallow.

IPv6 vs. IPv4 is a great example of a fresh design being superior to 
crufty old crap that has been hacked to pieces over the years. IP was 
not supposed to be trusted, and all of our attempts to make it so are 
nothing more than kludges.

> In the present state of Linux I would agree with you about kernel
> exploits. However, I think this too relates back to bad design and
> old assumptions. Those designs and assumptions served a purpose
> once but are now outdated.

Perhaps.

> It might be easier if I wrote a paper with references, then posted
> it to a convenient location vice failing to explain my point. :-(

Please do! :)

>>I can! ;) Think of it this way, Uva: the system libraries ([g]libc) are 
>>userland. Sloppiness here affects any application that is not statically 
>>linked against a different set of libraries. How many security 
>>vulnerabilities have we seen over the years because of sprintf() and 
>>friends being vulnerable to buffer overflows and string format exploits?
> 
> 
> I understand your point entirely, but what I'm saying is that it
> doesn't have to be this way. There are so many old assumptions
> that this is how it must be that it doesn't allow for innovation.

I see that now. I think that we both agree on a solution to the problem, 
and that is apply some fresh attitudes to software. I am calling for 
better design, you are calling for radically new design. I say, why not 
both! ;) But I would settle for some solid software engineering applied 
to the Unix model, which I feel still has validity.

I hope some developers are reading this thread... ;)



-- 
Josh Glover <jmglov@example.com>

Associate Systems Administrator
INCOGEN, Inc.
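The sprintf()/format-string point raised in the quoted exchange above, as an added example that is not part of the original message or of any code discussed in the thread. It shows the unbounded sprintf() pattern beside a bounded vsnprintf() wrapper that reports truncation, and a small helper that counts the conversion directives printf() would act on if untrusted text were passed as the format. Function names (greet_unsafe, fmt_bounded, count_directives) and the sample inputs are this example's own assumptions.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The pattern the thread complains about: sprintf() cannot know how large
 * dst is, so any output longer than the buffer overwrites whatever follows
 * it on the stack or heap. Shown only for shape; the demo below never
 * calls it with input long enough to overflow. */
void greet_unsafe(char *dst, const char *name)
{
    sprintf(dst, "Hi, %s!", name);          /* no bound: classic overflow */
}

/* Hardened form: a bounded formatter. vsnprintf() writes at most dstlen-1
 * bytes plus a NUL and returns the length the full output WOULD have had,
 * so truncation is detectable. Returns the output length on success, or
 * -1 if it did not fit (dst then holds a truncated string that callers
 * must not treat as complete). The format string is a compile-time literal
 * at every call site, never user data. */
int fmt_bounded(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, dstlen, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= dstlen)
        return -1;                          /* error or truncated */
    return n;
}

/* Format-string side of the same mistake: printf(user) instead of
 * printf("%s", user). Every '%' conversion in attacker-controlled text
 * becomes a read from the argument area ("%x") or a write ("%n"). This
 * helper counts how many directives such a string would trigger; "%%" is
 * a literal percent sign and does not count. A lone trailing '%' is
 * counted too, since it is still an (invalid) directive to printf(). */
int count_directives(const char *s)
{
    int n = 0;

    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {                  /* "%%" -> literal '%' */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    char buf[16];
    const char *untrusted = "%x%x%x%n";     /* constructed attacker input */

    /* Short name fits: same result either way. */
    greet_unsafe(buf, "Bob");
    printf("unsafe, short input: %s\n", buf);

    /* Long name: the bounded version refuses instead of overflowing. */
    if (fmt_bounded(buf, sizeof buf, "Hi, %s!", "Bartholomew") < 0)
        printf("bounded: output did not fit in %zu bytes\n", sizeof buf);

    /* Untrusted text as a format would fire this many conversions. */
    printf("directives in \"%s\": %d\n", untrusted,
           count_directives(untrusted));

    /* Correct way to echo untrusted text: it is the argument, never the format. */
    printf("%s\n", untrusted);
    return 0;
}
```

The check that matters in fmt_bounded is `(size_t)n >= dstlen`: snprintf() reports the untruncated length, so equality means the NUL terminator displaced the last character and the output is incomplete.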

