Aggressive language on python-list

Dave Angel d at davea.name
Thu Oct 18 05:43:01 EDT 2012


On 10/18/2012 02:19 AM, rusi wrote:
> <snip>
>
> IOW the robustness principle http://en.wikipedia.org/wiki/Robustness_principle
> is as good for human networking as for computers.
>
>

The catch to that is that the software that is liberally accepting
anything is quite vulnerable to attacks.  Windows has a checksum in the
exe header that's been there since the MSDOS days, and to the best of my
knowledge has never been checked by the loader.  So even accidental file
corruption goes unnoticed.

Likewise IP and other protocols accept all sorts of retries and
fragments, and since different OSes overlay those pieces with differing
rules, it's quite common for different OSes to see different versions of
the packets after reconstruction.  So intrusion detection software (sort
of like anti-virus) can be fooled.

Goals have changed over the years, and what was a good idea 20 years ago
is pretty painful now.

I suppose the human analogy might be the trusting people who believe any
scammer that comes along.  As for me, I'd rather be sometimes fooled
than never to trust anyone.  So, although I can argue against it, I
pretty much agree with the robustness principle.

-- 

DaveA
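
Added example, not part of the original post: a simplified Python model of the fragment-reassembly ambiguity described above, with a check an IDS or traffic normalizer could use to flag overlapping fragments that carry conflicting bytes. The two policies (`first`, `last`), byte-granular offsets and the sample fragments are assumptions made for illustration; real stacks use more varied rules.

```python
from typing import Dict, List, Tuple

# (byte offset, payload) in arrival order. Assumption: offsets are plain
# byte positions; real IP fragment offsets are counted in 8-byte units.
Fragment = Tuple[int, bytes]


def reassemble(frags: List[Fragment], policy: str) -> bytes:
    """Rebuild a datagram under one overlap policy.

    'first' keeps the earliest-arriving byte at each position,
    'last' lets later fragments overwrite earlier ones.
    """
    if policy not in ("first", "last"):
        raise ValueError(f"unknown policy: {policy}")
    size = max(off + len(data) for off, data in frags)
    buf = bytearray(size)
    filled = [False] * size
    for off, data in frags:
        for i, byte in enumerate(data):
            pos = off + i
            if policy == "last" or not filled[pos]:
                buf[pos] = byte
                filled[pos] = True
    if not all(filled):
        raise ValueError("datagram has a hole; cannot reassemble")
    return bytes(buf)


def conflicting_overlaps(frags: List[Fragment]) -> List[int]:
    """Positions where a later fragment disagrees with the first byte seen.

    A non-empty result means receivers using different overlap policies
    can reconstruct different datagrams, so a sensor should alert or drop.
    """
    seen: Dict[int, int] = {}
    conflicts = set()
    for off, data in frags:
        for i, byte in enumerate(data):
            pos = off + i
            if seen.setdefault(pos, byte) != byte:
                conflicts.add(pos)
    return sorted(conflicts)


# Constructed sample: the third fragment overlaps the first two with different data.
SAMPLE: List[Fragment] = [(0, b"AAAAAAAA"), (8, b"BBBBBBBB"), (4, b"CCCCCCCC")]
# Constructed sample: a harmless retransmission (identical overlapping bytes).
RETRANSMIT: List[Fragment] = [(0, b"AAAA"), (0, b"AAAA"), (4, b"BBBB")]
```

Identical retransmissions produce no conflicts and reassemble the same way under both policies, so only overlaps with differing bytes need to be treated as suspicious.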



