September 5th, 2006


[/.] MS Research solves the halting problem - hilarity ensues.

Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages,

Apparently those clever guys at MicroSoft have never heard of The Halting Problem. (Edit: Or Rice's Theorem.) In short, it is possible to prove mathematically (and Alan Turing did, in the 1800's) that programs like this can never both be accurate and have finite runtime. In other words, either it has bugs, or else it goes into an infinite loop. One of the two is inevitable. And we have a mathematical proof of this.

So, these guys apparently didn't even take comp sci 1001. And now MicroSoft is handing control of what code your browser will and won't execute... over to them. This is *almost* as bad an idea as allowing your browser to execute arbitrary code from random web pages in the first place! ^O^

Theoretical issues quite aside, how about practical ones?

I made a similar product once.
Unfortunately, I wrote it directly into my program without giving it another name, since I didn't realize I could sell the security separate from the program.

(Whoah, a rare /. story where the comments are worth reading!)

People just don't learn. JavaScript (and web-page embedded scripting languages in general) have been security nightmares since they were released ('96) and the passage of more than a decade has NOT improved them in any significant way. When are we going to call a spade a spade and throw JavaScript out completely?

And hell, we don't need MS to do this for us. I keep telling people, "turn off JavaScript in your browser prefs." And I've been saying this for several (going on "many") years now. When will anyone actually listen? Yeah, I know: never. Because after all, worse is better.
  • Current Music
    MC Plus+ - Alice and Bob