Daniel J. Bernstein

"I often see people saying 'Nobody has produced an invulnerable software system; therefore, nobody will ever produce an invulnerable software system.' By the same bogus reasoning, nobody will ever reach Mars; nobody will ever find MD5 collisions; nobody will ever cure cancer; nobody will ever prove the Poincare conjecture; nobody will ever clone a human; nobody will ever build a 1GHz CPU; nobody will ever find SHA-1 collisions; nobody will ever break the sound barrier; etc."

Daniel J. Bernstein

Of course, the test difficulty depends on what you're doing, and on how you're doing it. I'm constantly asking "How much would I have to screw this up to write an incorrect function that passes these simple tests?" Occasionally the answer is "Not much," so I'll throw the code away and start over. It was probably perfect code, but that's not good enough.

Daniel J. Bernstein

"So it's tempting to incorporate a smaller resolver library into qmail. […] I'd no longer be able to blame the BIND authors and vendors for the fact that attackers can easily use DNS to steal mail." [From the file "THOUGHTS" of the qmail distribution]

Daniel J. Bernstein

The great thing about attackers is that there are so many to choose from!