funsec mailing list archives
Re: simple question
From: Dan Kaminsky <dan () doxpara com>
Date: Mon, 7 Dec 2009 02:49:41 -0800
On Sun, Dec 6, 2009 at 8:46 PM, Tomas L. Byrnes <tomb () byrneit net> wrote:
> I used unconverted assignments on Digital Research f77 under CCP/M 3.1d on iAPx 286 chipsets with regularity, and effect, in the early ‘80s. And after that, I was thankful to never use Fortran again.
>
> The bigger point is that the code is garbage, the data not much better (at least according to the comments, because we can’t see the data), and the researchers have clearly been actively hiding the facts from public view.
>
> It’s high time for the Open Source and Free Software ethos to dominate something on which so much of the future of mankind rests. I, for one, donated lots of CPU time to the BBC climate modeling BOINC project. I think the idea that there isn’t enough computing, never mind brain, power out there to do this right is complete bunk.
>
> Let the science produce the result it will, whatever that may be, but let it at least be proper science, with the best current practices in all relevant fields being applied. Then, after the climate models are as near to unimpeachable as can be (and models can do pretty well, as the auto makers have shown), we can have the debate about the costs of various courses of action relative to their benefits and risks.
>
> Until we have a model that would pass muster for simulating the Coefficient of Drag of an automobile (and as far as I can see the CRU climate model doesn’t), how can we base any major public policy decisions on it?
OK, reality check:

1) Most code is crap. Most commercial code is crap. Most open source is crap. People don't really die from bad code (far more people are killed crashing through windows than by crashing windows) and that's pretty much the only thing that drives engineering standards.

2) The fewer people are expected to run code, the crappier it is. Doesn't matter how important it is.

3) Crappy, inelegant code runs the world.

4) Security is changing 1-3, but very slowly, and only in places where there's attack surface being actively exploited.

5) Your one piece of concrete judgement on this code was (to be generous) an untested assertion, which has been handily dismissed. Do you have a concrete complaint remaining?

6) There's a revolution in data sharing going on in science right now. That we can expect for data to be made available really is quite new.