Hacker News new | past | comments | ask | show | jobs | submit login

It just seems amazing to me that anyone with anything remotely resembling a degree in CS[0] would think that this kind of scanning would work for a Turing Complete language. If you restrict extensions to non-TC languages, then it could be made to work[1]. Also the argument that it stops lazy malware authors is absurd -- it's as if they haven't heard of script kiddies. The situation here is exactly analogous: one someone figures out a way around their (extremely ad-hoc) checks, everybody else gets that "workaround" for free. They're only setting themselves up for a neverending whack-a-mole game which they can only lose, solely based on the amount of resources they have.

[0] As one hopes at least some of the people working on this would have. Not that a degree confers magical powers, but any CS education will go over what's known to be impossible.

[1] ... by static checks via type system, termination checker and restricting access to "unsafe" modules/libraries. Of course it's doubtful how many extension authors would be able/willing to write their extensions in e.g. Idris.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: