Regarding why programmers don't write libraries in common lisp (ignoring what seems to be a screaming terror of the parenthetical, functional world) is that cryptography must be fast, and it must not leak timing information.
A final word here--I spend my days auditing and pen testing programs written in managed languages: C# and Java. None of the errors that bring down systems and lead to breaches in these languages result from bounds checking or buffer overflow issues. None of them are subject to the same kinds of flaws C exposes as evidenced by heartbleed. Nonetheless, there are vulnerabilities.
And I am sure that all remember the vulnerability exposed in Ycombinator which is written in Lisp. Simply writing your stuff in Lisp is not enough.
wglb
On Mon, Apr 28, 2014 at 5:40 PM, Pascal J. Bourguignon < pjb@informatimago.com> wrote:
William Lederer william.lederer@gmail.com writes:
Regarding the question
What would you personally fly, software written in C or software written in Common Lisp?
In the reality of today's fly-by-wire, the modern planes you fly in are likely to have C in some critical component. Ada is likely there as well.
But let's just examine a few software related disasters to see if they are attributable to programming language:
Ariane 5 rocket explosion: from the official report: This loss of information was due to specification and design errors in the software of the inertial reference system. Mars Climate Orbiter: one system used metric units, another used English Therac 5: improper understanding of multi-tasking code Heartbleed: Overly complex protocol combined with being able to read beyond allocated memoryOf these, only heartbleed can credit language as a contributing factor.
Not at all.
Programmed in Common Lisp, either the fixnum in the Ariane 5 would have been converted into a bignum, or an condition would have been signaled, which could have been handled. This would have taken time, which could perhaps have "exploded" the real time constraints, but it is better to control your rocket slughishly than not to control it at all.
Programmed in Common Lisp, instead of using raw numbers of physical magnitudes, you'd use objects such as:
(+ #<kilometer/hour 5.42> #<foot/fortnight 12857953.0> ) --> #<meter/second 4.7455556>
and Mars Climate Orbiter wouldn't have crashed.
Programmed in Common Lisp, the Therac-5 bug wouldn't have occured:
"The defect was as follows: a one-byte counter in a testing routine frequently overflowed; if an operator provided manual input to the machine at the precise moment that this counter overflowed, the interlock would fail."
since again, incrementing a counter doesn't fucking overflow in lisp!
Programmed in Common Lisp, heartbleed wouldn't have occured, because lisp implementors provide array bound checks, and lisp programmers are conscious enough to run always with (safety 3), as previously discussed in this thread.
What I'm saying is that there's a mind set out-there, of using modular arithmetic to approximate arithmetic blindly. Until you will be able to pay $1.29 for 3 kg of apples @ $2.99, people should not program with modular arithmetic!
And I again point out a software non-disaster qmail, whose author offered a bug bounty. Secure programs can be written in C.
postfix too is architectured to deal with security.
You can also write secure software on a Turing Machine.
And if the flight safety of an aircraft depended upon the current Lisp version of Ironclad's impenetrability, we would be in trouble.
This is another question, that of the resources invested in a software ecosystem, and that of programming language mind share. Why the cryptographists don't write their libraries in Common Lisp and choose to produce piles of C instead?
-- __Pascal Bourguignon__ http://www.informatimago.com/ "Le mercure monte ? C'est le moment d'acheter !"
pro mailing list pro@common-lisp.net http://common-lisp.net/cgi-bin/mailman/listinfo/pro