cool ! thank you, learn a new thing every day. Now to find a reason to write something in Java...
The jvm is itself a program written in C ...
That kind of a guarantee is as good as the code, there is no way to guarantee software at that level, all it takes is a single bug for that guarantee to be worthless. There is no piece of software even 10% the size of the JVM without bugs. All that you know for sure is that there are undiscovered bugs.
Do you have a reference for that guarantee ? I'd like to read that bit, I've always been interested in software that comes with assurances.
just one second in google:
http://seclists.org/bugtraq/2007/Oct/0417.html
> "that it is possible to corrupt the complete memory area that you have access to"
That goes for *every* program that is linked together as a single binary. There are some very fancy schemes where objects have their own memory protection but this is very much outside the scope of most hardware.
Granted, a language like java may give you the illusion that all your objects are nicely compartmentalized but that really is just that, an illusion. All those objects and the associated code live in the same space and while it is arguably harder to overwrite some other object's memory space, once you've achieved it (which is a lot harder than in C, granted, but still possible) good luck finding the cause.
Yes, that's absolutely true. Building a 'decompiler' for C would be pretty much impossible except for very limited use cases (and disallowing any form of optimization). I did some reverse engineering in the mid 80's and a multi-pass disassembler (to separate out code and data by 'simulating' the code) and stack frame rebuilder were fun tools to build and use. But the output was definitely not ready to be fed back in to the compiler.
I was more thinking of the 'forward' path, when you are compiling source to assembly and then to object code. In C (and C++) it is trivial to ask for all the intermediate files. I'm not sure how you do that (or even if it is possible to do that) with Java (there probably is some way to do that, it would seem to be a logical step in writing a compiler).
The Java bytecode implements a stack machine and it is also quite possible to write for that stack machine directly, one way is to use the 'jasmin' (http://jasmin.sourceforge.net/) assembler.
Buena! ;)
I'm really sorry, but I couldn't in good faith post the torrent link of a half decent artist...
you are of course completely right :)
Not that that seems to make much difference for dutch law, hosting a torrent here is just as illegal as hosting the data. In fact *pointing* to a torrent is already illegal !
Exactly. C is best thought of as a very powerful assembly preprocessor. I know that sounds harsh but when I look at a chunk of C code I have a pretty good idea of the assembly language the compiler is going to emit. Even with C++ that works to a certain extent.
With Java and most other 'friendly' languages you have literally no way of knowing what is going on under the hood unless you are prepared to invest a lot more time and effort than is available to the average comp-sci student.
With C that's as close as a single flag on your compile line and you can study the generated code until you're tired of it.
bad form to reply to my own post, for those who can't wait to get their hands on the amazing content listed in TFA and that are currently not in a position to get their card from the local store (due to financial, weather or ethical constraints) here you go:
http://torrents.thepiratebay.org/3823582/Barry_Manilow_-_The_Greatest_Songs_Of_The_Seventies.3823582.TPB.torrent
http://torrents.thepiratebay.org/3958971/Britney_Spears_-_Blackout_(2007)_Dance_%5BBYANOUS%5D.3958971.TPB.torrent
Seriously though, when Sony decided it was ok to include a rootkit with their music I think they did not realize just how much damage they were doing to their brand.
Has lots of DRM free sony downloads, without any of that hassle of going to a store :)
coming soon to a bittorrent client near you...
Different languages have different purposes, C has gravitated to a 'niche', system level stuff, situations where performance is more important than security (not everything is connected to the internet, impressions to the contrary). And - surprise - 30 years ago we were living in a different world security wise. The biggest problem with strcpy is not that it is 'inherently unsafe', it is that if you do not do proper input sanitation you can not rely on it.
This goes for most of the so called 'insecure' functions in C, they only become insecure if you have already messed up in an earlier stage of your code. If you are aware of the limitations of the standard library routines (even the unsafe ones) and you are operating in a 'hostile' environment (and today's internet certainly qualifies as such) then you'll need to take great care to accept only input that matches your assumptions in the code further down, if not you are in trouble. But good programmers will work like that anyway.
It's perfectly possible to write crappy code in *any* language, not just in C (though, in the words of one old timer programmer 'C is like a racecar, you can cut corners but if you do that too often you'll end on your side').
To come back to a fairly well thought out piece with an answer like what was written several levels above here is not in any way helping the discussion, it is simply insulting.
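The point made in the comment above, that strcpy is only as safe as the input validation done before it, shown as an added example (not code from the original poster). The `account` struct, `NAME_MAX_LEN`, the allowed character set and both function names are hypothetical, chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names and limits, chosen for this example. */
#define NAME_MAX_LEN 15

struct account {
    char name[NAME_MAX_LEN + 1];   /* fixed buffer, room for the NUL */
    int  is_admin;                 /* what an overflow of name would reach */
};

/* Trust boundary: accept only 1..NAME_MAX_LEN chars from [A-Za-z0-9_]. */
int name_is_valid(const char *in)
{
    size_t n = 0;

    if (in == NULL)
        return 0;
    /* Never walk further than the limit, however long the input is. */
    while (n <= NAME_MAX_LEN && in[n] != '\0')
        n++;
    if (n == 0 || n > NAME_MAX_LEN)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)in[i]) && in[i] != '_')
            return 0;
    return 1;
}

/* Returns 0 on success, -1 if the input was rejected (acct untouched). */
int account_set_name(struct account *acct, const char *untrusted)
{
    if (!name_is_valid(untrusted))
        return -1;
    /* strcpy is in bounds here only because the check above ran first. */
    strcpy(acct->name, untrusted);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: valid, empty, bad character, too long. */
    const char *samples[] = { "alice_01", "", "bob;rm", "AAAAAAAAAAAAAAAAAAAAAAAA" };
    struct account a = { "", 0 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = account_set_name(&a, samples[i]);
        printf("[%s] -> %s, name=\"%s\" is_admin=%d\n", samples[i],
               rc == 0 ? "accepted" : "rejected", a.name, a.is_admin);
    }
    return 0;
}
```

Remove the `name_is_valid` call and the last sample writes past `name` into `is_admin`; the copy itself is unchanged, only the earlier stage differs.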
you're an absolute moron, if you read the above and actually grokked it then you'd realize that GP has a lot of *VERY* valid points.
Iain M. Banks
Greg Bear
James Blish
Stephen Baxter
(much older)
Frederik Pohl
C. M. Kornbluth
if you can find it 'the space merchants' is a really good read
enjoy !
on the *day* that I first even heard about google it was lightyears ahead of anything else on the market at the time, which is why I used it and stuck with it. That's how adoption on the web works. If you start sending out press releases about your 'launch' then you'd better be ready.
Wikipedia wasn't launched by a bunch of press releases in the alpha stage. Oh, and wikipedia gets a very large share of its traffic from google, soon to be a major competitor. We'll see how that 'do no evil' holds up. Already google is gearing up to launch its own wikipedia competitor (which I also think is a misguided move, after google video and orkut you'd think they'd learned their lesson).
I tried it on a bunch of fairly simple queries and got nothing but extremely lousy results.
On the web first impressions really matter and I think wikia fails horribly in that respect.
Please Jimmy Wales go and fix wikipedia, it needs urgent attention, especially protection from editors running wild, and please, google go work on getting rid of that spam and fixing the rankings...
If you want to have an idea of where technology is headed.
:)
Read Neal Stephenson, go watch Gattaca but whatever you do don't bother reading PC magazine
ludicrousness covers the bs you spout quite well, thank you.
I have a very short list of 'foes' and you are now one of its happy inmates, enjoy your stay there.
Intel's saleswoman did not do Intel a favour on this one, I just quit buying Intel. Nick Negroponte once again shows himself to be a man of integrity. A couple of bad pr moves like this and Intel might find itself chasing AMD for marketshare instead of the other way around, after all there really is nowhere else to go if you don't want to use Intel.
I actually fully agree with you, it was just that the numbers were misrepresented.
I have both linux & macs here, no windows though.
The linux folks should realize that choice is good, but that too much choice leads to fragmentation and that it is sometimes better to present a united front than to show that you too can do something half baked. There is simply too much ego in open source at the moment to get that solved.
It's not evidence, it's anecdote. If we'd apply the same standard of proof to god that we would apply to a shoplifting then religion would be out of business pretty quickly. The funny thing is that religion should be held to a *HIGHER* standard because of all the outrageous claims they make and the wisdom they claim to profess.
simply hook up any old USB 3 button mouse and be done with it.
someone has a problem with numbers:
Apple has almost doubled, linux has *MORE* than doubled in the same period of time. Also apple has a pretty big budget to promote their 'unix on the desktop' version, substantially more than all the producers of a desktop version of linux.
The surprise should be that in spite of having next to no budget linux did so well.
the same is happening in music. A 24 track studio would set you back a small fortune 2 decades ago, it's 1/th the size and 1/100th the cost now (*and* better quality)
Spot on. Give a movie director a $50 million budget and he'll burn it, that's for sure, but it won't necessarily lead to better movies.
Real creativity is inspired by constraints, and a financial constraint is just another barrier to filter the truly creative from the shock-and-awe types.
Maybe we should put together a list of movies that had a $1M budget and that grossed a profit ? (excluding porn movies ;) )
a world without 50 million dollar action movies might actually be an improvement.
Snatch was 'low' budget, quite the action movie and did ok. Hollywood would have a bit of a problem but I don't think I would lose any sleep over it. Mel Gibson might have to get a day job :)