Slashdot Mirror


User: lgw

lgw's activity in the archive.

Stories
0
Comments
21,562
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 21,562

  1. Re:TFA does a poor job of defining what's happenin on How Your Compiler Can Compromise Application Security · · Score: 1

    Nice. Nice. I like the way you think.

  2. Re:TFA does a poor job of defining what's happenin on How Your Compiler Can Compromise Application Security · · Score: 1

    What do you mean "word is"? Nobody.. and I mean nobody... should ever be coding in C unless they've read the standard from top-to-bottom, carefully, at least once, and then keeps it handy.

    As in, (public) discussions on the standard between standards committee members. Reading the standard top-to-bottom only gives part of the picture, like reading the Constitution without reading the Federalist Papers. When late in the game someone writes something like "do you realize the means a char can only be 8 bits?" one can reasonably speculate that mandating an 8-bit byte (goodbye PDP) wasn't the intention.

    It's quite hard to write a standard that's both intelligible and unambiguous - English doesn't work that way. Sometimes googling around for the discussions sheds light.

  3. Re:TFA does a poor job of defining what's happenin on How Your Compiler Can Compromise Application Security · · Score: 1

    Signed integer overflow (props to some people elsewhere in the thread that taught me that this isn't true for unsigned!)
    Writing or reading past the end or beginning of an array
    Dereferencing a NULL pointer
    Accessing an object of one type via a pointer of another type (violating the strict-aliasing rules)

    All of these are exactly what I was talking about - different needs for different architectures. I've coded on a platform where writing to 0 was legal, and did something bad, unless you did it on purpose No fun at all, but possible to code for.

    Accessing memory at an address that has been free()ed or deleted
    Calling several STL algorithms with iterator pairs that don't form a valid range, e.g. copy(vec1.begin(), vec2.begin(), vec1.end()) (I think I ordered those right)

    These are important for library optimization. Without the optimization they allow, people would have written their own, faster libraries and that would have sucked far worse.

    Assigning the same scalar value twice without an intervening sequence point (e.g. i = i++; not only doesn't have a well-defined evaluation order but also provokes undefined behavior entirely

    I never did understand what they gained from that one, but the examples I've seen of the sequence point thing are horrible code anyway, so it doesn't bother me.

    The one big one in C++, the biggest gotcha for even veteran programmers, is the undefined lifetime of "compiler temporaries" (usually unnamed objects created in the argument list to a function call), which is a landmine for shared_ptr. I hope they fixed that one in C++0X

  4. Re:TFA does a poor job of defining what's happenin on How Your Compiler Can Compromise Application Security · · Score: 1

    There's nothing in the standard about "warnings", though most compilers are good about it when it comes to common problems. But even with a warning, optimizer's gonna optimize.

  5. Re:-Wall on How Your Compiler Can Compromise Application Security · · Score: 1

    No you don't want that warning, because any serious coding shop sets -Wall and treats warning as errors, so you'd just #pragma it off and still never see it.

    You're free to turn optimization off, however.

  6. Re:-Wall on How Your Compiler Can Compromise Application Security · · Score: 1

    If it thinks it can drop a section of my code entirely, or that a conditional can have only one result, that's almost certainly a bug and I want to know about it. After all -- if *I* thought the conditional could have only one result, I wouldn't have bothered checking it!

    Right, you want optimization turned off. I check compile-time constants in conditionals, for example, because they're merely compile-time, and might be changed in a different build.

    When an optimized sees "if (0 == 1)" it's going to remove the block. I take serious advantage of that, by putting tons of null checks in inline code. If the compiler can prove a pointer can't be null, it drops the check. That way I can code checking the same pointer for null 50 times in a function (because every library call checks inline), but the compiler might only check the first time.

    Also, very simple stuff like loop strength reduction involves removing code, depending on how you look at it.

  7. Re:Need new compiler features on How Your Compiler Can Compromise Application Security · · Score: 1

    On some machines, dividing by 0 gives 0. Volatile in C has nothing to do with multi-threaded code (it's an abuse of the standard that all modern compiler vendors embrace and support). Compiler warnings are the right answer.

  8. Re:TFA does a poor job of defining what's happenin on How Your Compiler Can Compromise Application Security · · Score: 2

    , fucked up computer languages allow "undefined code", ie. C / C++.

    Every language has some undefined behavior (and there are libraries with undefined behavior in every language), except maybe ADA.

    Java leaves a wide area undefined when it comes to multi-threaded code.

    Python has the same, plus it inherits some undefined behaviors from C.

    C/C++ leaves a wide are undefined to support oddball system architectures. For example, if you have some memory that only can store floating point numbers, and some general-purpose memory, the address ranges might overlap - that's why pointer subtraction is undefined unless within an array. In practice most programmers can treat all memory as one contiguous byte array, but on special-purpose hardware you can still use C. Most of C's undefined behavior comes from the much wider variety of system architectures when C was young, but can still be useful for embedded systems.

  9. Re:TFA does a poor job of defining what's happenin on How Your Compiler Can Compromise Application Security · · Score: 5, Funny

    No, the compiler is allowed to to anything it damn well pleases wherever the standard calls behaviou "undefined". One of my favorite quotes ever from a standards discussion:

    When the compiler encounters [a given undefined construct] it is legal for it to make demons fly out of your nose

    Nasal demons can cause code instability.

  10. Re:TFA does a poor job of defining what's happenin on How Your Compiler Can Compromise Application Security · · Score: 1

    Under C99 all machines must be both 2s-compliment and have 8-bit bytes. IIRC both fall out from inttypes.h. Word is this wasn't intentional, but it had been so long since anyone actually used other architectures that no one noticed that implication.

  11. Re:From my cold dead hands... on Chrome Will End XP Support in 2015; Firefox Has No Plans To Stop · · Score: 2

    It's one thing to fear change, it's another to see no reason to change when what you have works. If all you do it "non power user" stuff, which these days is almost all web browser (shopping, email, social sites, photo sharing), then XP is a great lightweight OS - takes very little disk, and is quite happy with 2GB memory.

    If you're running a secure web browser, and that's all you need, then why change?

    I only moved to Win7 because I like the UI better overall, and I could afford a high-end-at-the-time system to make it as fast as XP was - but that change started with the desire to build a new system for fun, not to change the OS.

  12. Re: Another day, another anti-Apple story on Apple Blocks Lawrence Lessig's Comment On iOS 7 Wi-Fi Glitch · · Score: 1

    Portions of the Slashdot community have been anti-Apple since the "hacker proof" sealed box Macintosh came out in 1984.

    I've been anti-Apple since I could never afford one when I was young (Atari/Amiga FTW!). But Apple has a long track record of abusing it's customer base. On a good year, it shoots itself in the foot on customer support. On a bad year, they have to re-hire Jobs to save the company.

    TFA is yet another "shooting itself in the foot on customer support" moment, pretty much par for the course. But the next time they make one of their big mistakes, who will save them now?

  13. Re:Time to update California laws on Anti-Poaching Lawsuit Against Apple, Google and Others Given the Green Light · · Score: 1

    All citizens deserve a basic level of protection against exploitation from greedy entities.

    I think that's both too strong, and stronger than is relevant here. The government has a legitimate interest in preventing fraud, and in preventing price fixing. Those more concrete protections are far better things to insist on - especially since they're also requirements for a free market.

  14. Re:Canonical might suck... on Debian To Replace SysVinit, Switch To Systemd Or Upstart · · Score: 1

    mostly okay for some stuff, and utter **** for anything else.

    This is /., there's no profanity filter here. You can say "utter crap shat out by a diuretic weasel" if you want to phase it mildly.

  15. Re:Governor Appointed on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    Well, I can see from your other posts that you categorically reject any information contrary to your established views, so I'm hardly surprised by your rejection of the idea of talking to people with opposing views.

  16. Re:Governor Appointed on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    It's clear that neither "side" is interested in decreasing government spending per se, each side wants more for their own supporters, and is indifferent to the supporters of the other side, inevitably resulting in compromises where supporters of both sides get at least a little. Oh well, that will continue until it can't, and ugly as that moment will be it won't be the collapse of civilization that the bunker-dwellers fear.

  17. Re:Governor Appointed on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    My only strong belief here is that any party or coalition that tries to reduce government spending will be treated by the press (and most economics professors) exactly like the Tea Party is: called a bunch of crazy racists with no credibility,

    It makes me sad that we didn't make those "modest incremental changes" to bring the budget under control back when we still could. Now it's going to get very ugly when the next economic downturn comes, and much needless suffering will ensue.

  18. Re:Governor Appointed on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    What does "provably false" mean? I'm going on with life as if "evolution is lies from the pit of hell' is false, but I can't prove it. However, some of my favorite theories are: human CO2 emission will cause Earth to become like Venus; nuclear power kills more people than coal; the government can print an unlimited amount of money and not cause inflation; the "truth" about 911; organic foods have no chemicals; we spend too much money in space; the only reason you could oppose Obama's policies is racism; Saddam Hussein never had WMDs; using logic to judge the correctness of an argument is a tool of the Patriarchy and thus invalid. The last one especially isn't provably false, but it's my favorite.

  19. Re:Governor Appointed on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    Sure, just believe the media hype about the Tea Party. It's the one group who still advocates for smaller government, so they must be a bunch of crazy racists, right? This is why I fear the government spending bubble is not going to have a soft landing.

  20. Re:This does not mean advancements in AI on CAPTCHA Busted? Company Claims To Have Broken Protection System · · Score: 1

    Everything that researches in the 1960s called "AI" we now have. I believe it was Minsky who said "AI is whatever computers can't do yet". Human intelligence is just a bunch of heuristics, for the most part: we're not so special.

  21. Re:You think that government is apolitical? on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    Running a company is complex, and includes the ideologies of the actors involved. It's not a purely corrupt process by a long stretch. You got to study these things to work out how things happen in real life.

  22. Re:You think that government is apolitical? on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    Or maybe you're just wrong? It's bad for every modern nation in the world to do things the same way - that way there will never be growth, because growth requires change. Let Europe do it's thing. Let the US do something very different. Live in the place you think does it right. Let others live the way they think is right.

  23. Re:Governor Appointed on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    Check out the age of most of those guys. The crazy was strong in the "greatest generation", and somewhat there in the baby boomers.

    And thanks to the internet they can live in there own bubble devoid of any actual facts they disagree with.

    If you don't see how that applies equally to both sides, you're living in an internet bubble devoid of any actual facts that you disagree with.

  24. Re:Governor Appointed on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    Each side has it's crazies, in about equal proportion, and neither is dominated by them. They get thrown a bone, now and then, but nothing of substance.

  25. Re:You think that government is apolitical? on Nebraska Scientists Refuse To Carry Out Climate Change-Denying Study · · Score: 1

    I notice you ignore the question of a falsifiable hypothesis. The quantitative models from 1990 were wrong, wrong by more than their error bars, so IMO they've been falsified. The quantitative models from 2000 aren't looking so hot. That doesn't mean the qualitative idea is wrong, and the models from 2010 might finally be right, but if you assume they're right at this point, that has become faith and religion.