?

Log in

No account? Create an account
September 5th, 2006 - Adventures in Engineering — LiveJournal
The wanderings of a modern ronin.

Ben Cantrick
  Date: 2006-09-05 19:52
  Subject:   [/.] MS Research solves the halting problem - hilarity ensues.
Public
  Location:Melinda Gates' bedroom
  Mood:Laughing my nerd ass off
  Music:MC Plus+ - Alice and Bob

Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages,

http://it.slashdot.org/it/06/09/05/0534249.shtml

Apparently those clever guys at MicroSoft have never heard of The Halting Problem. (Edit: Or Rice's Theorem.) In short, it is possible to prove mathematically (and Alan Turing did, in the 1800's) that programs like this can never both be accurate and have finite runtime. In other words, either it has bugs, or else it goes into an infinite loop. One of the two is inevitable. And we have a mathematical proof of this.

So, these guys apparently didn't even take comp sci 1001. And now MicroSoft is handing control of what code your browser will and won't execute... over to them. This is *almost* as bad an idea as allowing your browser to execute arbitrary code from random web pages in the first place! ^O^

Theoretical issues quite aside, how about practical ones?

I made a similar product once.
Unfortunately, I wrote it directly into my program without giving it another name, since I didn't realize I could sell the security separate from the program.


(Whoah, a rare /. story where the comments are worth reading!)

People just don't learn. JavaScript (and web-page embedded scripting languages in general) have been security nightmares since they were released ('96) and the passage of more than a decade has NOT improved them in any significant way. When are we going to call a spade a spade and throw JavaScript out completely?

And hell, we don't need MS to do this for us. I keep telling people, "turn off JavaScript in your browser prefs." And I've been saying this for several (going on "many") years now. When will anyone actually listen? Yeah, I know: never. Because after all, worse is better.
6 Comments | Post A Comment | | Link



browse
May 2015