Then what's the profit?
Posted Nov 1, 2010 21:59 UTC (Mon) by mikov
In reply to: Then what's the profit?
Parent article: A Firefox zero-day vulnerability
Languages and technologies chosen for "real world application" (I mean commercial ones) correlate more to the PR budget, not to the quality of stuff. Where technical excellence is more important (FOSS world) Java is not all that popular.
To put it mildly, this claim doesn't at all correspond to my experience, which is more than two decades with projects in C, and about a decade in Java. But experience is subjective of course, so I don't think I can use it to persuade you :-)
Seccomp reduces the attack surface of the kernel so much that the remaining part can be made bug-free with large enough effort. More: you can decide what to put inside of the sandbox and what to put outside.
Again, that is the same as saying "I trust the kernel to be 100% free, so root exploits from non-privileged code are impossible". Not very realistic, don't you agree?
Anyway, I think that we both have exhausted our respective objective arguments, so we should agree to disagree... It was informative - I definitely got some more insight into the issue, making my position more nuanced.