repeated parameter names and default values

[Andrea Giammarchi]

quoting myself:

Apologies and thanks for describing **even** these details in
specifications, appreciated!


as summary: I know this is a must have too :-)

On Thu, Sep 27, 2012 at 6:10 PM, Mark S. Miller <erights at google.com> wrote:

>
>
> On Thu, Sep 27, 2012 at 9:41 AM, Allen Wirfs-Brock <allen at wirfs-brock.com>wrote:
>
>>
>> On Sep 27, 2012, at 9:31 AM, Andrea Giammarchi wrote:
>>
>> > it would be stupid to code like that but it makes sense since it has
>> basically always been like that :)
>>
>> A big part of of my job is specifying what stupid code does.
>>
>
> Although Allen does so mostly for non-security reasons, I'll take this
> moment to make a security point:
>
> "Normal" non-defensive programming generally seeks to avoid edge cases,
> and especially edge cases where platforms are likely to differ.
>
> Attackers see such edge cases as opportunities. Whereas a correct program
> should work on all conforming platforms, an attack is successful even if it
> only succeeds on one supported platform.
>
> Therefore, defensive programs, though they should still stay away from
> edge conditions for the functionality they provide, must worry about and
> defend themselves against all the possible adversary behaviors that these
> edge conditions might enable.
>
> Thus, a language that supports defensive programming needs this kind of
> careful attention to "stupid" edge conditions.
>
> This is not to argue for or against any specifics of this proposal.
>
>
>>
>> Allen
>>
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
>>
>
>
>
> --
>     Cheers,
>     --MarkM
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120927/d2732e52/attachment-0001.html>