Fixing Bugs, But Bypassing the Source Code
shreshtha contributes this snippet from MIT's Technology Review: "Martin Rinard, a professor of computer science at MIT, is unabashed about the ultimate goal of his group's research: 'delivering an immortal, invulnerable program.' In work presented this month at the ACM Symposium on Operating Systems Principles in Big Sky, MT, his group has developed software that can find and fix certain types of software bugs within a matter of minutes." Interestingly, this software doesn't need access to the source code of the target program.
Misleading Slashdot summary, as usual (Score:2, Informative)
It checks a bunch of identical machines for a set of known bugs, then applies a bunch of predetermined patches until one works.
That's nice, but not what was promised.
Re:Misleading Slashdot summary, as usual (Score:2, Informative)
This is good in preventing an attack or code injection. But as far as bug fixing nothing could be further from the truth. Some developer still needs to look at the assembly generated to identify the bad path taken, find that place in the code, figure out how the program got there, apply a fix, test the fix, then deploy the new application. If anything this is a QA tool for software to avoid attacks.
A valuable tool for exposing bugs. But as far as actually improving software I do not see it.
Re:No Silver Bullet (Score:3, Informative)
I'd also point out that, from an Automata Theory standpoint, "The task of software verification is not solvable by a computer" (MIT's own Sipser).
sensationalists? (Score:4, Informative)
Re:MS will probably kill it (Score:5, Informative)
imagine the sheer volume of .CONF files a Linux user would have to waft through just to get this to check a distro for bugs.
Looks like the volume is...zero? I think maybe I don't understand what you mean. Is ".CONF" some sort of Windows-speak for configuration files? If so, then the fact that they're all in /etc (or possibly /usr/etc or /usr/local/etc) and /home should make them very easy to skip.
Re:Misleading Slashdot summary, as usual (Score:1, Informative)
Either you didn't read the article, or you have a massive reading comprehension problem. ClearView actually creates patches to fix problems that it identifies. Note the following passage from the article:
"For seven of the attacking team's approaches, ClearView created patches that corrected the underlying errors. In all cases, it discarded corrections that had negative side effects. On average, ClearView came up with a successful patch within about five minutes of its first exposure to an attack."
Re:Misleading Slashdot summary, as usual (Score:1, Informative)
You should re-read the article, and specifically the following passage:
"For seven of the attacking team's approaches, ClearView created patches that corrected the underlying errors. In all cases, it discarded corrections that had negative side effects. On average, ClearView came up with a successful patch within about five minutes of its first exposure to an attack."
So it does indeed fix bugs, contrary to your claim.
The actual paper. (Score:3, Informative)
Re:How about (Score:3, Informative)
Now that the whole Chuck Norris phase has kinda spun down does anyone see Bruce Schneier picking up the mantle? At least in geek culture / IT? I think it would be hilarious.
Ask and ye shall receive [schneierfacts.com].