Slashdot Mirror
New NSA-Funded Code Rolls All Programming Languages Into One
An anonymous reader writes "What's your favorite programming language? Is it CSS? Is it JavaScript? Is it PHP, HTML5, or something else? Why choose? A new programming language developed by researchers at Carnegie Mellon University is all of those and more — one of the world's first "polyglot" programming languages. Sound cool? It is, except its development is partially funded by the National Security Agency, so let's look at it with a skeptical eye. It's called Wyvern — named after a mythical dragon-like thing that only has two legs instead of four — and it's supposed to help programmers design apps and websites without having to rely on a whole bunch of different stylesheets and different amalgamations spread across different files.
Why? What's the worst that could happen? What's the best?
Why is the NSA interested in something like that directly? What is the potential for abuse?
Is it to make code analysis that much more centralized and (supposedly) simple?
Why didn't this come up with itself before now?
I arrived at America pretty late - at the 60's - but at least at that time America had several institutions doing all kinds of wonderful basic research
Bell Labs
Xerox's famous lab at Palo Alto
The Skunkworks
And at that time Darpa funded a lot of basic research as well
Today, all gone
Even Darpa's funding are not aiming at basic research - such as what TFA has outlined - what they are doing at Carnegie Mellon is actually an applied research ... taking what has been known and add another layer onto it
What's happening in America nowadays is very worrying
Muchas Gracias, Señor Edward Snowden !
I looked up images of Wyvern on Google images. Don't think it's a good choice. Reminds me of the NSA's overreach over our lives. I think they should have named it Pussy Cat.
Is that a roll of dimes in your pocket or are you happy to see me?
CSS and HTML5 are not programming languages. You don't "choose" html5 over, say, php.
(And don't fucking say HTML5 + CSS3 is turing complete)
"What's your favorite programming language? Is it CSS?"
Why yes, I just love writing VoIP systems in CSS.
Hate to break it to you, but HTML5 and CSS are not programming languages.
Wasn't there some discussion on how effective a special, compiler-embedded virus would be? This seems like a good candidate for that.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Uh, and DARPA created the internet, so what?
Yes! Finally, a programming language and development system from a serious organization we can all trust to help us produce secure applications! I am so happy I'm doing the little Snoopy Dog House Dance! Oh-Joy! More Exclamation Points Please!!!
You have n programming languages. You think "That's to many, let's invent a programming language that combines all of them!", and then do so. You now have n+1 programming languages...
As you'd expect from CMU, the papers themselves are pretty interesting. Just read the abstracts instead of trying to guess from the summary or vice article, which are both way off the mark.
http://www.cs.cmu.edu/~aldrich/papers/ecoop14-tsls.pdf
http://www.cs.cmu.edu/~aldrich/papers/maspeghi13.pdf
At the NSA they KNOW a bigger haystack is a better haystack, so why not extend that idea to a programming language.
By understanding all the languages you get the strengths of all the languages and none of the weaknesses, programmers can just ignore the weaknesses then they arent there,
Why should programmers have to put up with those pesky syntax errors when you can just make the language accept any (stupid) command.
Forward to the future !
Why in the hell would you need to look at something with a skeptical eye just because money came from a certain source? Is the reputation of carnegie mellon suspect or something? And if so, shouldn't that in and of itself be the reason of suspect?
The submiter is a shallow person suffering from guilt by association which is never a valid premise. I mean i know skin heads who donate to planned patrenthood specifically because they have all their abortion clinics in areas with high minority populations and keep the minority populations in check. Does that mean we have to look at them wiyh a skeptical eye too? Of course not- or at least npt because a source of their funding has issues most of us find repulsive.
The merrits of this will rest on its own. There is absolutely no reason to put the integrity of the development into question simply because the NSA gave funding.
... without having to rely on a whole bunch of different stylesheets and different amalgamations spread across different files
There's nothing I love more than editing each embedded style sheet in a tree and searching through monolithic source files with thousands of functions...
No, it doesn't "roll all languages into one". It just allows embedding of the text of another language, such as HTML, into a Wyvern program. Variables can be substituted. Like this:
(except that the last 3 lines above should be indented, because this language uses Python-style block notation.)
Of course, everybody does that now, but the way they do it, especially in PHP, tends to lead to problems such as SQL injection attacks. The idea here is that Wyvern has modules for the inserted text which understand what kinds of quoting or escaping are required for the embedded language text.
I just glanced at the paper, but that seems to be the big new feature.
Yeah, about as skilled and effective as past Israeli-Palestinian negotiators...
To write better Apps and Websites?
Are these what the kids call programming languages these days?
It doesn't sound very serious.
CSS: not a programming language.
HTML: not a programming language.
PHP: not a programming language.
Note: I'm a web developer mostly these days, I write a bucket of each of these. I'm a computer science educated professional and I also write a lot of code in Java and C++. I really like PHP. It is however not a bloody programming language, it's a scripting language.
This program is valid C and, when saved as "test2.java", valid java code. Compilation with the C compiler results in a program that doesn't behave the same way if it were compiled with java:
//\
//\
//\
/*
#include "stdio.h"
/**///\
public class test2 {
//\
public static
void main
(String[]a)//\
/*
(int argc, char *argv[])//*/
{
System.out.printf("hi, I'm java\n");/*
printf("hi, I'm C\n");//*/
}
//\
}
And we know how well that worked the last time.
Why is Snark Required?
Maybe it should have been written in Wyvern to be more secure?
I really don't understand this. Almost every site I go to does the same damn crap with Javascript and all of it could be done with other technologies.
May I point out that the LLVM logo is a wyvern? http://llvm.org/Logo.html
- Henrik
- when the Shadows descend -
It's supposed to help the NSA, and to hurt you in the end.
It doesn't do what the summary says.
If it did, that would take care of half of my bugs. Within a 30-minute period, I might well work in PHP, Perl, ActionScript, JavaScript, and some other language. A large portion of my errors are things like using empty() in JavaScript. Especially, ActionScript is almost the same as JavaScript, and a lot of Perl is also valid PHP, so when switching between these it's easy to absent-mindedly tap out a line in the wrong language.
Once upon a time, I used vim syntax highlighting, which doesn't typically catch using the right syntax, but the wrong function name, but does make missed braces and such obvious. Maybe I should right a vim plugin for "wrong language, dummy." It would look for echo (phph vs print (Perl), etc.
There's a comment threshold feature that effectively eliminates your ability to see low rated comments, which these ravings are rendered to with a quickness thanks to a rather decent moderation scheme.
Caveat: two or three of the smartest things I've ever read on here were, at least at one point, low threshold.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
If it can't do Fortran, I don't want it.
Does it do APL ? Forth ? 6502 assembler?
They've re-invented PL/1!
I do not fail; I succeed at finding out what does not work.
The NSA's reputation has been annihilated. There are good people that work for such organizations. People that could and do benefit our society on a regular basis. Their institution was simply coopted by irresponsible people that sadly destroyed everything. Its a shame.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
"...and here's another one!"
Koans and fables for the software engineer
New filesystems and databases might show up as less people trust the same old tame providers that decrypt for the US gov as installed. :)
But the good news for the USA is the data will still have connect with say international billing and other US set global standards.
Thats where a system like this might be fun. You dont have to care what the backend was, just what is sent as known, expected, decrypted data.
Pulling useful data from new bespoke communications streams will be like setting the old standards. You still get to collect it all at some point in on the NSA's global network no matter how fancy nations and firms get internally.
Re 'Why didn't this come up with itself before now?" because it was all like ENIGMA 2.0 - plain text for the USA/UK over decades thanks to tame exported crypto that always had a trap or back door.
Now you have to hunt for fragments of the same messages in strange new net code. The standards are still US set, so you know what your looking for
Domestic spying is now "Benign Information Gathering"
Jellomizer has multiple posts all dated with 7:12 PM. Now, as a Slashdot member over the years, with excellent karma, I can't even post that fast, regardless of what I'm posting. What allows Jellomizer, without the consent of the editors/admins, to post spam repeatedly, without any time delay?
Allowing blatant spam to drown AC comments is likely the goal. Still not sure how Jellomizer posts over 20 (20+!!!) posts in under 6 minutes even IF they had excellent karma. This smacks of a slashcode bug or editor collusion. Normal users won't suffer because of the karma bonus, but affected users will include any ACs making relevant points. Allowing the spam to continue unabated will simply result in controversial viewpoints (held legitimately, posted AC to preserve reputation) being drowned out. For further reference, google Forum Slide.
What I really want to know is... how the fuck does a registered user post over 20+ posts in under 6 minutes without being filtered by the "you must wait X minutes" filter. This smacks of a slashcode exploit or editor collusion. I'm a registered user with Excellent karma, and I can't post anywhere NEAR that fast.
That's fine and wonderful, but some of us browse at -1 because some people make great points as an AC. This sort of spamming blatantly denies those people a voice.
CSS & HTML5 ***are*** code languages for programming machine behavior
*at the presentation level*
it's not an "original gangster" hardcore badass super 1337 C#+! language...it's not complex or "bragable" at a gathering of dorks trying to impress each other...
but it's symbols that form a code that humans use to 'program' machine behavior...that's a programming language
just accept it, once and for all, and stop all of you....just stop
it doesnt make your skillz any less bragable...it's a coding language...mostly visual design oriented...
***HTML5&CSS are not threats to your bragging rights***
Thank you Dave Raggett
Login, mark him as a foe, his posts will no longer show for you.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
...someone comes along and tries to re-invent the wheel and gift us with the ability to write in a single "unified" language that crosses the lines demarcating server and client.
Except it's inevitably a pile of hacky shit that is founded on a basic faulty idea.
I can tell you now, I'll never use it.
Anthing based upon HTML or CSS is guaranteed to be a unmaintainable crap. Put them together, and you have the largest pile of shite ever !
I don't know that anyone would call the storm troopers "accurate" though...
Your post makes various other points that sound reasonable to me, but I have to call out the above line from a couple of angles:
1) using the phrase "bad press" implies a virtuous subject that has been distorted by a reporting industry with a non-virtuous agenda. NOTHING OF THE SORT has happened to poor lil' NSA here... they FUCKED us, straight up, and got caught red-handed.
2) Whatever the extent to which the NSA is "interested in security", it might as well be the extent to which a wolf is interested in "keeping chickens alive"... yes the wolf wants a food supply, but that doesn't make the wolf a proponent of livestock. The NSA is all about surveillance at this point; their putting on the badge of promoting security is a means to an end. I won't rehash the extensive list of public standards they secretly compromised to that end; it speaks for itself.
Again, I think much of what you wrote makes sense, but in this particular line you stray notably too far into something approaching neutrality about the NSA. They are bad people with a bad agenda, and they'll fuck YOU the first chance they get.
- First they ignore you, then they laugh at you, then ???, then profit.
Without having looked at the post or scrutinized the language, here's a couple of guesses:
1) looks like C: i.e. verbose, vacuous, loopy.
2) has crappy (i.e. industry-standard) array-handling.
3) fails to incorporate any of the decades of research about how people approach problems versus how programming languages do.
Though since this is Slashdot, there's virtually zero chance this is the first (or the last) instance of a disgruntled nerd with some coding skill.
Can't you just picture the editors, worked up into a frenzy this Monday morning, feverishly pursuing a solution?
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
import wyv:parser.wyv
import java:wyvern.tools.parsing.ExtParser
import java:wyvern.tools.parsing.HasParser
import java:wyvern.tools.parsing.ParseBuffer
import java:wyvern.tools.typedAST.interfaces.TypedAST
type Calculator
def eval():Int
metadata:HasParser = new
def getParser():ExtParser = new
def parse(buf:ParseBuffer):TypedAST
val oNum = CalcParser.CalculatorParser.create(buf.getSrcString()).E()
~
new
def eval():Int = $oNum
This is supposed to make me feel this is a)secure and b) more bug free?
Perl was a polyglot before it was cool. Hipster Perl.
I am not your blowing wind, I am the lightning.
presentation is behavior...in fact, if all you have is a monitor **all behavior is presentation**
if use HTML5 to tell a computer to display a black background when you go to a URL
OR i could do the same to ****PROGRAM**** the computer to display a white background when you go to a URL
either way, user enters data (URL in browser) and computer returns a ***PROGRAMMED*** response
programmed using HTML5 so that the browser knows it's the *background* that is to be black, not another part
that's programming no matter how you define it...the definition of programming is clear
what's not clear is why people think HTML & CSS are not programming
it is...accept it
Thank you Dave Raggett
you can't redefine "coding" by calling everything "data"
it's instructions for a machine...that's coding...
you're playing linguistic games & no matter how you do it you're still wrong functionally
Thank you Dave Raggett
This is the problem with languages that try to be everything...they aren't really good at anything.
CSS + HTML + Javascript is how your HTML file used to look... (A big fucking mess).
Massive monolithic source files are not helpful. What is the purpose of this?
Go, swift were supposed to be more global Internet languages than their predecessors.
Then too, corporate derived projects arent necesarily as good as a celver grad student project.
Ada actually has some nice properties, but its sheer number of features makes it difficult to learn and find developers for.
Committees do tend to catch feature-itus because they try to make everybody on the committee happy. It's difficult to get good pruning of features from committees. They are pretty good at generating ideas, but NOT good at weighing trade-offs by saying "no" to the right things.
Table-ized A.I.
Where is the official rule that "programming languages" have to be Turing Complete?
They are to a good hacker.
Table-ized A.I.
i thought we were past this 'turing complete' shit...
seriously, given the right conditions, I can piss in a jar and it can be 'turing complete'
Turing did some very good work, obviously, but the whole computability function test has been shown to be reductive and just an abstraction
machines execute instructions. end.
Thank you Dave Raggett
an alphabet is a set of symbols
some languages have few...others, many
binary the former, chinese the latter
Thank you Dave Raggett
ADA++
Ken
The news release of -every- new computer language says it will replace all others. It has not happened yet, maybe next century...