Slashdot Mirror

← Back to Stories (view on slashdot.org)

New NSA-Funded Code Rolls All Programming Languages Into One

Posted by timothy on from the so-your-program-can-confuse-itself dept.

An anonymous reader writes "What's your favorite programming language? Is it CSS? Is it JavaScript? Is it PHP, HTML5, or something else? Why choose? A new programming language developed by researchers at Carnegie Mellon University is all of those and more — one of the world's first "polyglot" programming languages. Sound cool? It is, except its development is partially funded by the National Security Agency, so let's look at it with a skeptical eye. It's called Wyvern — named after a mythical dragon-like thing that only has two legs instead of four — and it's supposed to help programmers design apps and websites without having to rely on a whole bunch of different stylesheets and different amalgamations spread across different files.

11 of 306 comments (clear)

  1. Lack of basic research by Taco+Cowboy · · Score: 5, Insightful

    I arrived at America pretty late - at the 60's - but at least at that time America had several institutions doing all kinds of wonderful basic research

    Bell Labs
    Xerox's famous lab at Palo Alto
    The Skunkworks

    And at that time Darpa funded a lot of basic research as well

    Today, all gone

    Even Darpa's funding are not aiming at basic research - such as what TFA has outlined - what they are doing at Carnegie Mellon is actually an applied research ... taking what has been known and add another layer onto it

    What's happening in America nowadays is very worrying

    --
    Muchas Gracias, Señor Edward Snowden !
  2. Shit summary by Anonymous Coward · · Score: 5, Insightful

    CSS and HTML5 are not programming languages. You don't "choose" html5 over, say, php.
    (And don't fucking say HTML5 + CSS3 is turing complete)

    1. Re:Shit summary by Bing+Tsher+E · · Score: 5, Insightful

      I didn't see any programming languages in the list on the summary. Just a bunch of web shit.

  3. CSS? by Anonymous Coward · · Score: 5, Funny

    "What's your favorite programming language? Is it CSS?"

    Why yes, I just love writing VoIP systems in CSS.

  4. You have n programming languages... by Anonymous Coward · · Score: 5, Funny

    You have n programming languages. You think "That's to many, let's invent a programming language that combines all of them!", and then do so. You now have n+1 programming languages...

  5. No, it doesn't "roll all languages into one" by Animats · · Score: 5, Informative

    No, it doesn't "roll all languages into one". It just allows embedding of the text of another language, such as HTML, into a Wyvern program. Variables can be substituted. Like this:

    let webpage : HTML = <html><body><h1>Results for {keyword}</h1
    <ul id="results">{to_list_items(query(db,
    SELECT title, snippet FROM products WHERE {keyword} in title))}
    </ul></body></html>

    (except that the last 3 lines above should be indented, because this language uses Python-style block notation.)

    Of course, everybody does that now, but the way they do it, especially in PHP, tends to lead to problems such as SQL injection attacks. The idea here is that Wyvern has modules for the inserted text which understand what kinds of quoting or escaping are required for the embedded language text.

    I just glanced at the paper, but that seems to be the big new feature.

  6. CSS? JavaScript? PHP? HTML5? by tommeke100 · · Score: 5, Insightful

    To write better Apps and Websites?
    Are these what the kids call programming languages these days?
    It doesn't sound very serious.

  7. Re:Programming language? by Capsaicin · · Score: 5, Insightful

    I really like PHP. It is however not a bloody programming language, it's a scripting language.

    I really hate PHP, but what I hate even more is being confronted with this mysterious distinction between "scripting" and "programming" languages.

    A language might be strongly or weakly, dynamically or statically typed. A particular implementation might employ a compiler, a virtual machine or interpreter. These are meaningful distinctions. But what (with the possible exception of a hardware specific control language) does it even mean for a language (as distinct from its implementation) to be a "scripting" language?

    Would PHP cease to be a scripting language if an object code compiler were available for it? Is 'C' a "scripting language" just because it's interpreted? And what about a language which has never actually been implemented, what in the language specification determines unequivocally if that language is 'scripting' or a a 'programming' language?

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  8. Its really too bad... by Karmashock · · Score: 5, Insightful

    The NSA's reputation has been annihilated. There are good people that work for such organizations. People that could and do benefit our society on a regular basis. Their institution was simply coopted by irresponsible people that sadly destroyed everything. Its a shame.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  9. Re:Wyvern = Wyrm by Bite+The+Pillow · · Score: 5, Insightful

    Why?

    To write applications in one language, instead of HTML, CSS, JavaScript, SQL, and something else. Not including multiple levels of configuration files (website and web server at least).

    What's the worst that could happen?

    The NSA could insert backdoors which, unless they were incomprehensible crypto, would be easily found by both white and black hat investigators. Also, Carnegie Mellon University, which has a pile of research announcements every year, has its entire research department under suspicion of colluding with an oppressive government agency and spends decades regaining international status as someone you can do anything other than make the punchline of a joke.

    CMU losing status is, to CMU, absolutely an intolerable option. I'm not saying it won't just because of the potential impact, but you asked what is the worst that could happen. Backdoors, and a respected university bursts into flames and is disregarded for decades internationally. That's bad.

    What's the best?

    Fewer bugs.

    Why is the NSA interested in something like that directly?

    Because despite recent bad press, they are interested in security. If we can write stuff with fewer bugs, we are more secure. Maybe there are still plenty of bugs in the hardware/OS that they know about, but fewer bugs in the application level, which means the foreigners don't know about them because they don't exist.

    What is the potential for abuse?

    Pretty small. White hats will vet the libraries, black hats will try to penetrate it, and it's no more or less secure than anything else a human has written. But people can make mistakes in fewer languages. And they aren't replacing languages, from the sound of it.

    Is it to make code analysis that much more centralized and (supposedly) simple?

    I suppose you could read the article.

    Why didn't this come up with itself before now?

    Why didn't the airplane come up before it did? Are you insinuating something? Do you know something we don't know? Did someone mod you up for any particular reason, or just because you spewed thoughtless rhetorical questions?

  10. Re:Wyvern = Wyrm by Anonymous Coward · · Score: 5, Insightful

    backdoors [...] would be easily found by both white and black hat investigators.

    That's about the same as stating it is as simple to find a needle in a haystack as to put one in.

    We already have issues finding normal bugs. We have seen flaws in kernels and encryption libraries that might have well been a typo, yet were in for years.