I just finished reading the article “Beating the Average” by Paul Graham.  The author argues that LISP is the most powerful languages.  He explains how that helps his startup company Viaweb to beat their competitors.  In the author’s view, program languages fall in an abstractness continuum and vary in power.  A higher-level language programmer, if look downwards, will find the lower-level language not acceptable.  However, if he looks upwards, he would think the languages are all the same.

The author makes the point that programming language is a habit.  People are used to their favorite language and are reluctant to change.  Therefore a lot of ordinary programmers code in “median” languages and never change.

I like the article and the way the points are made. However, I suspect that their technologies are better than the competitors because they are smart people. If they use another language, probably they are still at a better position.

Following are some quotes from the article:

• Programming languages are not merely technologies, but habits of mind as well, and nothing changes slower.
• This idea is rarely followed to its conclusion, though. After a certain age, programmers rarely switch languages voluntarily. Whatever language people happen to be used to, they tend to consider just good enough.
• We weren’t writing this code for our own amusement. We were a tiny startup, programming as hard as we could in order to put technical barriers between us and our competitors.
• But I don’t expect to convince anyone (over 25) to go out and learn Lisp.
• Ordinarily technology changes fast. But programming languages are different: programming languages are not just technology, but what programmers think in.  They’re half technology and half religion.

I just read some news: a “rogue” ISP is taken down.

This ISP is McColo.  Looks like it was helping too much spammers, the government and security researchers are so angry that they decide to knock it offline.

In the report there is a chart showing the amount of spam everyday.  One can easily see that when the time the ISP was taken down, the amount decreased significantly.

Before I saw this I thought there is not too much incentive for an ISP to help hampering spams.  It requires significant resources and can’t see immediate return.  Now I see that right things must be done, always.

This paper by David A. Wheeler is quite interesting:

http://www.dwheeler.com/trusting-trust/

It talks a method to counter a possible malicious trojan-horse to be planted in a compiler, which was presented by Ken Thompson in his ACM Turing Award acceptance speech.  This trojan-horse is very special that by examining the source code you find no clue of any malicious code.

The idea is very cute!

I read about the famous .rhosts vulnerability from a research paper recently. The .rhosts vulnerability is due to the interaction between rlogin and ftp. Some people believed it’s not a “bug”, rather it’s due to the different assumptions made by rlogin and ftp.

I was shocked by the trust assumptions of rlogin. It trusts traffic from an admin port (port number less than 1024) of another host without any authentication. It shouldn’t be very surprising though. The rlogin was designed at a time when functionality is of the paramount concern. For example, telnet/ftp sends password unencrypted over the network.

As another example of the “functionality first” principle, we can have a look at the Shatter Attack. Similar to the .rhosts vulnerability, Shatter Attacker is due to the lack of authentication of windows message passing system.

The security impacts of the design flaws are serious. When the systems get popular and the mechanisms mingled with other systems, it’s difficult to switch. Operational costs are high since we already have a lot of legacy systems. That’s why industry people sometimes prefer a patch to a prevalent flawed design than a secure design built from scratch.