Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

Logic doesn't apply to the real world. -- Marvin Minsky

devel / comp.lang.ada / US Government looking into memory safe programming

SubjectAuthor
* US Government looking into memory safe programmingajdude
`* Re: US Government looking into memory safe programmingLuke A. Guest
 `* Re: US Government looking into memory safe programmingStéphane Rivière
  `* Re: US Government looking into memory safe programmingJ-P. Rosen
   +* Re: US Government looking into memory safe programmingG.B.
   |`- Re: US Government looking into memory safe programmingLuke A. Guest
   `* Re: US Government looking into memory safe programmingStéphane Rivière
    `- Re: US Government looking into memory safe programmingKevin Chadwick

1
US Government looking into memory safe programming

<ueqd78$1hsr0$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=10117&group=comp.lang.ada#10117

  copy link   Newsgroups: comp.lang.ada
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: aj@ianozi.com (ajdude)
Newsgroups: comp.lang.ada
Subject: US Government looking into memory safe programming
Date: Sun, 24 Sep 2023 22:28:56 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <ueqd78$1hsr0$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 24 Sep 2023 22:28:56 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="e98ac8de878b0fc4e8de956543f26485";
logging-data="1635168"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/+gcibx1IAuo5w4tHw1K85"
User-Agent: Usenapp for MacOS
Cancel-Lock: sha1:o1rrh+Q4Hef5ann6AFm5e9hqICc=
X-Usenapp: v1.27.1/l - Trial License
 by: ajdude - Sun, 24 Sep 2023 22:28 UTC

The US Government is requesting information on adoption of memory safe
programming languages and open-source software security. They’re currently
taking comments until October 9th. I think this is a good opportunity to help
bring Ada back into the spotlight.

https://www.federalregister.gov/documents/2023/08/10/2023-17239/request-for-information-on-open-source-software-security-areas-of-long-term-focus-and-prioritization

AJ

Re: US Government looking into memory safe programming

<uere81$1qbqu$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=10118&group=comp.lang.ada#10118

  copy link   Newsgroups: comp.lang.ada
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: laguest@archeia.com (Luke A. Guest)
Newsgroups: comp.lang.ada
Subject: Re: US Government looking into memory safe programming
Date: Mon, 25 Sep 2023 08:52:33 +0100
Organization: A noiseless patient Spider
Lines: 11
Message-ID: <uere81$1qbqu$1@dont-email.me>
References: <ueqd78$1hsr0$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 25 Sep 2023 07:52:33 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="48042f6812e4fc4dc38b8a70e91614c4";
logging-data="1912670"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX194ligkmhrPWVEFdNvmFm74ApD2JQugWnI="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:/fn4fHWCqw+0bgucnoq1a5v2pY8=
Content-Language: en-GB
In-Reply-To: <ueqd78$1hsr0$1@dont-email.me>
 by: Luke A. Guest - Mon, 25 Sep 2023 07:52 UTC

On 24/09/2023 23:28, ajdude wrote:
> The US Government is requesting information on adoption of memory safe
> programming languages and open-source software security. They’re currently
> taking comments until October 9th. I think this is a good opportunity to help
> bring Ada back into the spotlight.
>
> https://www.federalregister.gov/documents/2023/08/10/2023-17239/request-for-information-on-open-source-software-security-areas-of-long-term-focus-and-prioritization

History is repeating itself. How long before they relax the requirements
and idiots say "we can use C again, yay!"?

Re: US Government looking into memory safe programming

<uerlmt$1rp7m$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=10119&group=comp.lang.ada#10119

  copy link   Newsgroups: comp.lang.ada
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: stef@genesix.org (Stéphane Rivière)
Newsgroups: comp.lang.ada
Subject: Re: US Government looking into memory safe programming
Date: Mon, 25 Sep 2023 11:59:57 +0200
Organization: La Maison
Lines: 12
Message-ID: <uerlmt$1rp7m$1@dont-email.me>
References: <ueqd78$1hsr0$1@dont-email.me> <uere81$1qbqu$1@dont-email.me>
Reply-To: stef@genesix.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 25 Sep 2023 09:59:57 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="d6c096ac0a4174b852b2b86115adf4cf";
logging-data="1959158"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+0xryF551tV6PKqC48rSGANEmUpejsfZw="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Thunderbird/52.9.1
Cancel-Lock: sha1:N5KPZ8xxIitUU+VwStbKFDyTUZ0=
In-Reply-To: <uere81$1qbqu$1@dont-email.me>
Openpgp: preference=signencrypt
Content-Language: fr
 by: Stéphane Rivière - Mon, 25 Sep 2023 09:59 UTC

> History is repeating itself.

+1

> How long before they relax the requirements
> and idiots say "we can use C again, yay!"?

By the time they discover Rust ?

--
Stéphane Rivière
Ile d'Oléron - France

Re: US Government looking into memory safe programming

<uernvu$1s5eo$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=10120&group=comp.lang.ada#10120

  copy link   Newsgroups: comp.lang.ada
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: rosen@adalog.fr (J-P. Rosen)
Newsgroups: comp.lang.ada
Subject: Re: US Government looking into memory safe programming
Date: Mon, 25 Sep 2023 12:38:54 +0200
Organization: Adalog
Lines: 14
Message-ID: <uernvu$1s5eo$1@dont-email.me>
References: <ueqd78$1hsr0$1@dont-email.me> <uere81$1qbqu$1@dont-email.me>
<uerlmt$1rp7m$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 25 Sep 2023 10:38:54 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="15525f9d0982e8515127df403cce1508";
logging-data="1971672"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18rXA3QEVdLlrebj1/RNcI9"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.15.1
Cancel-Lock: sha1:+rQSPLuRyOh7y2i/uiFNyBkZTu8=
In-Reply-To: <uerlmt$1rp7m$1@dont-email.me>
Content-Language: en-US, fr
 by: J-P. Rosen - Mon, 25 Sep 2023 10:38 UTC

Le 25/09/2023 à 11:59, Stéphane Rivière a écrit :
>> How long before they relax the requirements
>> and idiots say "we can use C again, yay!"?
> By the time they discover Rust ?

Or when they realize that there is only one rust compiler, and therefore
that a single compiler virus could ruin the whole defense system.

--
J-P. Rosen
Adalog
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
https://www.adalog.fr https://www.adacontrol.fr

Re: US Government looking into memory safe programming

<uesagt$208tn$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=10121&group=comp.lang.ada#10121

  copy link   Newsgroups: comp.lang.ada
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: bauhaus@notmyhomepage.invalid (G.B.)
Newsgroups: comp.lang.ada
Subject: Re: US Government looking into memory safe programming
Date: Mon, 25 Sep 2023 17:55:08 +0200
Organization: A noiseless patient Spider
Lines: 37
Message-ID: <uesagt$208tn$1@dont-email.me>
References: <ueqd78$1hsr0$1@dont-email.me> <uere81$1qbqu$1@dont-email.me>
<uerlmt$1rp7m$1@dont-email.me> <uernvu$1s5eo$1@dont-email.me>
Reply-To: nonlegitur@notmyhomepage.de
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 25 Sep 2023 15:55:09 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="efa4bbc0a23c704aa7def0056e5acaed";
logging-data="2106295"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/oUSaO+6C8y29HXSdgpz2dpCXUMfD2AzA="
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0)
Gecko/20100101 Thunderbird/102.15.1
Cancel-Lock: sha1:UA6Mk8Fut7j4QCmpaR5Pwfnj63E=
Content-Language: en-US
In-Reply-To: <uernvu$1s5eo$1@dont-email.me>
 by: G.B. - Mon, 25 Sep 2023 15:55 UTC

On 25.09.23 12:38, J-P. Rosen wrote:
> Le 25/09/2023 à 11:59, Stéphane Rivière a écrit :
>>> How long before they relax the requirements
>>> and idiots say "we can use C again, yay!"?
>> By the time they discover Rust ?
>
> Or when they realize that there is only one rust compiler, and therefore that a single compiler virus could ruin the whole defense system.
>

Maybe, given the emphasis on tools, verification and best
practices, they might consider sub-languages, or profiles,
of several existing languages.

It's not like memory-safety cannot be made available in
languages other than Rust, I should think? Though, it seems
to me that Rust has so much better market-aware development
strategies than any other language since C, outside Microsoft's
or Apple's areas of sales.

Also, I understand that Linux kernel development is
steered towards Rust and LLVM. So, they have decided
not to go back to the 80s, just pick some good bits
and move on, possibly producing grust or crust while
at it.

In order to pick well from Ada and the concepts embodied in it,
imagine what parts of Ada should be thrown out,
ignoring commercial enterprises living off legacy business?
What changes to Ada are a good fit while aiming
at memory safety, verification support,
or light weight and safe parallel execution?

As you can see in [1], there is a suggestion to make money
available to refactoring efforts.

[1]: https://www.federalregister.gov/d/2023-17239/p-37

Re: US Government looking into memory safe programming

<uesc35$20jem$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=10122&group=comp.lang.ada#10122

  copy link   Newsgroups: comp.lang.ada
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: laguest@archeia.com (Luke A. Guest)
Newsgroups: comp.lang.ada
Subject: Re: US Government looking into memory safe programming
Date: Mon, 25 Sep 2023 17:21:57 +0100
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <uesc35$20jem$1@dont-email.me>
References: <ueqd78$1hsr0$1@dont-email.me> <uere81$1qbqu$1@dont-email.me>
<uerlmt$1rp7m$1@dont-email.me> <uernvu$1s5eo$1@dont-email.me>
<uesagt$208tn$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 25 Sep 2023 16:21:57 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="48042f6812e4fc4dc38b8a70e91614c4";
logging-data="2117078"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+6YCUVyfebhQpf5/iucKUlS3XM7TB74l4="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:2LvfN4KUshh0CGS06S2/MuJjjgE=
Content-Language: en-GB
In-Reply-To: <uesagt$208tn$1@dont-email.me>
 by: Luke A. Guest - Mon, 25 Sep 2023 16:21 UTC

On 25/09/2023 16:55, G.B. wrote:

> What changes to Ada are a good fit while aiming
> at memory safety, verification support,
> or light weight and safe parallel execution?

I started thinking about that here https://github.com/Lucretia/orenda.

Re: US Government looking into memory safe programming

<uetv8f$2cs2t$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=10128&group=comp.lang.ada#10128

  copy link   Newsgroups: comp.lang.ada
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: stef@genesix.org (Stéphane Rivière)
Newsgroups: comp.lang.ada
Subject: Re: US Government looking into memory safe programming
Date: Tue, 26 Sep 2023 08:55:11 +0200
Organization: La Maison
Lines: 10
Message-ID: <uetv8f$2cs2t$1@dont-email.me>
References: <ueqd78$1hsr0$1@dont-email.me> <uere81$1qbqu$1@dont-email.me>
<uerlmt$1rp7m$1@dont-email.me> <uernvu$1s5eo$1@dont-email.me>
Reply-To: stef@genesix.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 26 Sep 2023 06:55:11 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="06bcbc11dcb0b7e533cf67579a32cb02";
logging-data="2519133"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18hj4cu8haW8sdV4yACmy7ChXL+F837Pj4="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Thunderbird/52.9.1
Cancel-Lock: sha1:RTiPJdFNlJHbTjXmPN3LF6pRWTE=
In-Reply-To: <uernvu$1s5eo$1@dont-email.me>
Content-Language: fr
Openpgp: preference=signencrypt
 by: Stéphane Rivière - Tue, 26 Sep 2023 06:55 UTC

> Or when they realize that there is only one rust compiler, and therefore
> that a single compiler virus could ruin the whole defense system.

Good point !

Still some doubts about their ability to reason that far ;)

--
Stéphane Rivière
Ile d'Oléron - France

Re: US Government looking into memory safe programming

<ueuevc$2fpr5$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=10131&group=comp.lang.ada#10131

  copy link   Newsgroups: comp.lang.ada
Path: i2pn2.org!i2pn.org!news.hispagatos.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: kc-usenet@chadwicks.me.uk (Kevin Chadwick)
Newsgroups: comp.lang.ada
Subject: Re: US Government looking into memory safe programming
Date: Tue, 26 Sep 2023 11:23:24 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <ueuevc$2fpr5$1@dont-email.me>
References: <ueqd78$1hsr0$1@dont-email.me> <uere81$1qbqu$1@dont-email.me>
<uerlmt$1rp7m$1@dont-email.me> <uernvu$1s5eo$1@dont-email.me>
<uetv8f$2cs2t$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 26 Sep 2023 11:23:24 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="3f34db6aa2e6d6afb05f2a0cdf4cdc40";
logging-data="2615141"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/CC+4mNR9oC+q2/RVGDuAArm53zYQ4oe8="
User-Agent: PhoNews/3.12.0 (Android/13)
Cancel-Lock: sha1:Ho2pXzEYstE98EyCtRltadMv+9s=
In-Reply-To: <uetv8f$2cs2t$1@dont-email.me>
 by: Kevin Chadwick - Tue, 26 Sep 2023 11:23 UTC

>> Or when they realize that there is only one rust compiler, and therefore
>> that a single compiler virus could ruin the whole defense system.
>
>Good point !
>
>Still some doubts about their ability to reason that far ;)

Whilst I have in the past refused to use lattice semi conductor hardware due
to a CDN preventing secure compiler verification, whilst apparently noone
or few noticed.

I assume you mean trojaned compiler code inserted upstream to disable
protections or ignore unsafe code?

Or do you mean utf-8 library code substitution aimed at a particular
compiler?

--
Regards, Kc

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor