ECMAScript ("Javascript") Version 4 - FALSE ALARM
Ian Petersen
ispeters-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Oct 30 17:22:25 UTC 2007
On 10/30/07, D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org> wrote:
> | From: Ian Petersen <ispeters-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
>
> | I think you and Lennart have both raised basically the same point.
>
> No, I don't think so.
>
> | You're pointing out that the new language is more complex, right?
>
> No, I didn't say that. I have not studied the language and have no
> opinion on that.
I seem to have put my foot in my mouth, so I'll try to be brief.
> I was only challenging your analysis that could be summarized as: the
> security issues for all Turing-complete systems are identical and
> hence if you have solved them for one, you have solved them for all.
I think your summary is stronger than what I intended to say (because,
for example, the lack of buffer overruns in Javascript means its
security issues are probably different that the issues that C faces),
but maybe not. I believe that the existing Javascript interpreter can
simulate the new language, so I don't think the new language is
introducing new problems*. I don't know what is implied by "all
Turing-complete systems", so I don't know what the security issues are
for an arbitrary member of that set.
> | And
> | Lennart is pointing out that an interpreter for a new language is
> | complex.
>
> I don't think that that is a fair summary of what he said.
>
> I understood him to say new untested code is worthy of more distrust
> than old tested code.
Yes, you're right. I focussed on the special case of a new
interpreter and Lennart's point was broader than that.
Ian
* Lennart was right when he said that a new language implies a new
interpreter, which very likely implies new bugs so, in a way, a new
language is introducing new problems. However, I have to believe
that, when designing a language, you assume that the interpreter will
work. Bugs in the language are different from bugs in an arbitrary
interpreter for that language and, more to the point, Walt was
denigrating the _language_, not its interpreter.
--
Tired of pop-ups, security holes, and spyware?
Try Firefox: http://www.getfirefox.com
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list