"Hey guys, Lmacomstore for programming and security community is here! "

OK  Let's talk a bit about computer security a topic.
Security can sometimes be defined as computing in the presence of an adversary-- someone else using a computer or a network of resources that means you hope to exploit or take advantage of resources that you've put out there. It just so happens--you'll be surprised to discover I am breaking this news-- that the internet is not secure. Malicious agents can write JavaScript fragments or malicious webpages. The simplest way to do this would be to write a JavaScript fragment that loops forever-- some sort of version of Fibonacci that has no stopping condition that just keeps going and going and going. Then as soon as you've directed your browser to that page, it would stall, and you'd be denied some server. You wouldn't be able to use your computer. practically, the browsers have often put some sort of timeout on script execution. I'll run your script for 3 or 4 seconds, and after that, if it hasn't finished, I'd better stop. that's one of the reasons why optimization is so important, but it also has this security angle. If we make any mistakes when we're designing our web browser, then outside agents might break into the computers then gain access to sensitive documents--our tax returns, our personal email, or whatnot. We want to make sure that that doesn't happen. The web is a great place but it also a dangerous place. Nothing can stop users from posting websites or malicious codes or writing scripts that will try to take advantage of your computer or your browser. There might be security holes or exploits, they're sometimes called, that allows this. I was wondering if you might talk a little bit about security in the language Absolutely. Security is a prevalent concern at Mozilla. When I was growing up, the idea of getting a software piece was that you actually drove to a store and you looked at a shelf and you pulled a box off the shelf and you paid somebody and you took it home and that piece of software was sold to you by a company that you trusted, by a third party that you trusted, so you had some sense of this piece of software that I'm about to put on my computer is something that I can believe is going to do something on behalf, not something against me. The web doesn't work like that way at all. The way that web applications work is when you can go to any website anywhere in the world, and somebody you've never met and never seen and that nobody can vouch for you is going to run some of the code that they wrote on your computer. So that changes the game. That means that in order to build a serious platform where programs can do important things on your behalf, we need to make sure that they can't also do important things against you. Most people put a valuable part of their lives on the web-like their bank account, for example, the more we have important assets to defend. One of the most concepts that people talk about security is the notion of the trust computing base. When you download some code from some third party that you don't know, if we're being kind of maximally pessimistic we say, well, I don't trust this code completely. I'd like it to do something for me but I don't know for sure that it's not malicious. However, that code is running inside of a web browser like Firefox, and I do trust the code written by firefox. In order to be able to say as much as we can about the security of a system, we'd like for the parts of the system that we need to trust the most to be as small as possible, so we talk about shrinking the trusted computing base, the goal of having the smallest possible amount of software where if it goes the wrong disaster can ensue--like somebody can steal or credit card information or your bank account. All modern web browsers are implemented in the C++ programming language. 
Now, C++ is a very powerful language. There are a lot of things that you can do with it. But it's also not a particularly safe language. It's a language where if you make one programming mistake, you can leave parts of your system open for malicious programs. For example, if you write a program in C++ and you have an array of data and you forget to make sure that the program doesn't go beyond the end of that array, in most programming languages you'll get a runtime error that says, "he tried to access in beyond the end of the array." C++ doesn't give you that protection.  C++ can keep you read whatever happens in memory at the end of that array. Well, whatever happens, to be in memory could actually be some part of the browser that has internal information like a password. It could also be some other program running on the system, and there are a lot of people out there who work on finding ways to exploit these kinds of bugs to get access to your private data. 
The project of building a web browser that people can trust and building a web browser that operates on a user's behalf is also one of building software that they can trust. In order to build software that they can trust, it needs to be built on top of programming technologies that we know we can work effectively to build software that's not unsafe. We've been discussing malicious code like JavaScript written by evildoers that we would run in our interpreter. Running an evil code seems really bad. 
Can't I just look at the source code and tell if it's bad before I run it and then not run the bad code? Why doesn't Mozilla do something like that? Unfortunately, it turns out that there's a lot of good theoretical computer science that shows us that that is a provably impossible problem.
 I don't know if you've discussed the halting program. 
>>We may have.  and we already know that that's an unsolvable problem in computer science. Looking at this maybe from a more positive side, that means that I'll always have a job. The law of compiler writer employability.

Best regards!
www.lmacomstore.xyz

Post a Comment

Previous Post Next Post