Interpreted languages have better runtime checking and thus can avoid things like buffer overruns, yes.
*SLAP*
There's no such thing as 'interpreted' or (compiled for that matter) language: particular language implementations are.
There are C interpreters and Java compilers around (check out GCJ, which compiles to native code).
And of course, any Turing-complete language interpreter/compiler can be written in any other Turing-complete language, so no, one don't have to implement compilers in C.
Re:We really need a different language
on
Secure Programming
·
· Score: 1
> Are you somehow recommending a kernel be written in something else than C???
Um.. why not?
> you have to realize that unless the underlying infrastructure is built (on some low level language), you can't have high level languages... in other words, the bottom line is Assembly.
> The average user will give you a blank stare if you say something like that.
OK, maybe it wasn't particularily good example. But, just because some dumbster doesn't needs an ability of doing fast complex searches, it doesn't makes them useless on a desktop PC. *I* and people of my environment would love this feature, and I don't give a flying fuck if someone's too unsophisticated to find uses for it.
An *average user* isn't making any meaningful use of his 3Ghz CPU either. Sould we dump them alltogether and resort to P133? They're adequate to run Word, after all!
"It's probably a man, because the tiles are obviously installed at night since nobody seems to have witnessed them being put in. It's unlikely a woman would risk being alone at night in a downtown environment."
Yeah, as if a person insane enough to put prophecy tiles into asphalt would drop the idea due to risk of being alone in a downtown environment.
Current filesystems are nothing more than hierarchial databases. While relatively straightforward to implement, hierarchial DBs have major drawbacks, e.g.
- Complex searches are slow; - Integrity control is hard; - There's no decent way to refer to an item in several distinct branches (hence the kludges like symlinks in filesystems).
Database world has been moving from hierarchal to relational DBMS since the late 70's. It's about time for filesystems to catch up.
>..the whole point of open source is that lots of developers can contribute.
In the case I mentioned, contibutions were maintained as separate packages. Moreover, it was possible to purchase a license for some of them as well (although we didn't need them).
> The only version you can sell is the original, buggy, less featured version.
The core part was maintained by a sigle author (in part because it was really large and sophisticated piece of work). I'd say that your scenario is certainly possible, although I doubt it is too widespread.
> Dual copyleft/proprietary licensing may work for development libraries (Qt, Sleepycat), but I don't know of one example anywhere of it working for end-user software.
Your point is valid, dual licensing is not the ultimate answer. However, the point was that one can't earn off a GPLed project. I think it is safe to agree that that was too broad statement.
> But because of things like the GPL, they've effectivly shot themselves in the foot.
If you dare to read the article, you'll find an amazing way of making money off GPL (look for 'Dual Licensing').
GPL requires the derived work sources to be published under the same license, which is unacceptable to many businesses. However, one can always bargain with author for separate license for their specific project.
Anecdotal evidence: I was involved in a proprietary project where we needed a very specific functionality. The opensource library doing just what we needed was there, but licensed under the terms of GPL. The contact with author revealed that he is perfectly willing to relicense it for us for a nice amount of $35000. And it really was an OK price because reimplementing the necessary functionality from scratch would cost the company considerably more, and we wouldn't fit into the timeframe anyway.
There is nothing new in such get-them-early tactics, and it certainly wasn't invented by Microsoft. UNIX gained its acceptance in 1970s-80s pretty much the same way: its copies were distributed across the universities free of charge. Very much due to that it became widespread and won the workstations market of that time, despite that there were technically superior alternatives.
A note for trigger-happy mods: I run GNU/Linux and hold no Windows partitions on my machines since 1999.
The problem with the bolt on approach is that there is no consistency of use in the Unix framework. You can add Kerberos but you have to separately Kerberize every application. Same for integration to a domain server or any other infrastructure.
Frankly, I don't see how this problem fades away with Windows. When they introduced, say, DCOM, application writers interested in this feature had to add supporting code - it didn't just appeared magically.
What you are talking about is the administrative issue of enforicng and following the standard, which is always easier in a single-vendor environment such as Windows. It has nothing to do with system architecture.
Also, I don't see how monolithic archtecture is inherently more secure than modular. Could you please elaborate on that? (I am aware that NT was based on microkernel; however besides the kernel there is the registry, Internet Explorer down the guts, VBA scripting all around and all-encompassing SYSTEM user).
Another thing is that even if theoretically NT security model is sound, in practice it is plagued by malpractice of applications requiring to run with SYSTEM priveleges. Clearly a person with such an impressive background as yours should know that e.g. it is impossible to run IIS under restricted user, so I just don't get which aspect of practical NT superiority over Linux you imply.
The data format is owned by Microsoft, it is underspecified and is apt to random changes from version to version.
While it is possible to write converters supporting to some degree some versions of Word format, they tend to work only for simple documents. If unsure, try importing a Word document with non-trivial markup or mathematical formulas into office suite of your choice. Or even try importing such a document from MS Word 97 to MS Word 2000...
Of course you have the right to criticize. However, in a meritocracy such as the Open Source community, your opinion is weighted against your contributions.
So if you take position of an armchair critic, don't be surprised when the community will neglect your opinion.
But if a sci-fi writer did come up with the idea first, should NASA get all the glory for making it real?
To the moment a Sci-Fi writer makes a story out of their idea, it has probably already came up to other people who just didn't bother putting it down on paper.
What would count is a working implementation or a viable design.
Yesterday Joe M. Oron was granted a patent for overnight delivery via teleportation.
"It enables transportation companies to deliver goods worldwide virtually instantly," Oron said. "Nobody has made a business like this."
This could be a big money-making operation for someone who wants to develop it," Oron said. "The patent shows someone who has knowledge of the Teleportation field how to make the invention. This could really shake up the way things are done in the world."
I suspect that the hot water was running more reliably there than in other places in the intervening 50-odd years.
Hot water was running reliably pretty much over all cities of USSR since the WWII. Today, Russia and many ex-Soviet states do experience problems with hot water, since the infrastructure was not decently maintained/upgraded since the early 90's.
I can tell you with confidence that Soivet Union had countless problems (and yes, with civilian sector production quality being one of the worst), but hot water supply wasn't one of them. I was born in USSR, but later spent a fair amount of time living and working in Germany and Norway, and the quality of water there isn't any better that what we have in my home region. The only noticable thing is the absence of two-week "maintenance outage" in the mid-summer, since the Western states exploit better-designed heating stations or use localized heating.
Since Estonia had a nice modern infrastructure before annexation, they avoided this problem to some degree.
Before that, Estonia was a rural state with poorly developed infarstructure. It could probably develop its own decent and spread hot water supply, alas, in our version of Universe, they had to use the Soviet version.
Once you rip and distribute, you create a trail, and all the RIAA needs is a few high-profile cases that take Freenet users and run them through the wash for distributing songs.
While RIAA possibly can find the guy who ripped the disk (with watermarks or whatever), they can't identify the Freenet users that host and download the tracks. Freenet coneals the idenitites of people that download, upload or host the content; or, rather, there is no way to tell the difference between them for outside spy/observer. This was one of the initial Freenet design goals, so Freenet is quite good at it.
Slashdot Mirror
Interpreted languages have better runtime checking and thus can avoid things like buffer overruns, yes.
*SLAP*
There's no such thing as 'interpreted' or (compiled for that matter) language: particular language implementations are.
There are C interpreters and Java compilers around (check out GCJ, which compiles to native code).
And of course, any Turing-complete language interpreter/compiler can be written in any other Turing-complete language, so no, one don't have to implement compilers in C.
> Are you somehow recommending a kernel be written in something else than C???
Um.. why not?
> you have to realize that unless the underlying infrastructure is built (on some low level language), you can't have high level languages... in other words, the bottom line is Assembly.
Yes, but the next level don't have to be C.
> The average user will give you a blank stare if you say something like that.
OK, maybe it wasn't particularily good example. But, just because some dumbster doesn't needs an ability of doing fast complex searches, it doesn't makes them useless on a desktop PC. *I* and people of my environment would love this feature, and I don't give a flying fuck if someone's too unsophisticated to find uses for it.
An *average user* isn't making any meaningful use of his 3Ghz CPU either. Sould we dump them alltogether and resort to P133? They're adequate to run Word, after all!
"It's probably a man, because the tiles are obviously installed at night since nobody seems to have witnessed them being put in. It's unlikely a woman would risk being alone at night in a downtown environment."
Yeah, as if a person insane enough to put prophecy tiles into asphalt would drop the idea due to risk of being alone in a downtown environment.
> How often does the average user do that?
> Like never?
No, like, when he suspects his system is infected with trojan or worm and he wants to get the list of executable files installed in last five days.
> Great, but who is going to often do complex enough searches for files that makes any sort of RDBMS worthwhile?
Try finding all executable files in your filesystem. Is such a query totally unreasonable?
> SQL is slow compared to things like BerkeleyDB
:) But modern RDBMSes have integrity control facilities as well.
BerkeleyDB is a hierarchial database. SQL is godzillion times faster on complex searches.
> Your database becomes corrupt, you lose everything.
Your filesystem becomes corrupt, you lose everything.
And yeah, I know about journaling, so don't bother
> How about a database filesystem based on set theory?
:)
I am not quite sure what do you mean here. In a way, everything is based on set theory
And what kind of set-theoretic capabilities you want? Many of them can already be done on relational databases efficiently: intersection, union, etc.
Current filesystems are nothing more than hierarchial databases. While relatively straightforward to implement, hierarchial DBs have major drawbacks, e.g.
- Complex searches are slow;
- Integrity control is hard;
- There's no decent way to refer to an item in several distinct branches (hence the kludges like symlinks in filesystems).
Database world has been moving from hierarchal to relational DBMS since the late 70's. It's about time for filesystems to catch up.
> ..the whole point of open source is that lots of developers can contribute.
In the case I mentioned, contibutions were maintained as separate packages. Moreover, it was possible to purchase a license for some of them as well (although we didn't need them).
> The only version you can sell is the original, buggy, less featured version.
The core part was maintained by a sigle author (in part because it was really large and sophisticated piece of work). I'd say that your scenario is certainly possible, although I doubt it is too widespread.
> Dual copyleft/proprietary licensing may work for development libraries (Qt, Sleepycat), but I don't know of one example anywhere of it working for end-user software.
Your point is valid, dual licensing is not the ultimate answer. However, the point was that one can't earn off a GPLed project. I think it is safe to agree that that was too broad statement.
The origial point was that one can't make money off a project if it GPLed. This is obviously doesn't holds.
There *are* viable, successful projects under GPL that do dual licensing. And the community still benefits from their existance.
> Modifications to the original authors code made by you will not be returned to the community of users for all.
I maintain that decent monetary compensation to the author will do more good to the life of a project than several minor application-specific tweaks.
> But because of things like the GPL, they've effectivly shot themselves in the foot.
If you dare to read the article, you'll find an amazing way of making money off GPL (look for 'Dual Licensing').
GPL requires the derived work sources to be published under the same license, which is unacceptable to many businesses. However, one can always bargain with author for separate license for their specific project.
Anecdotal evidence: I was involved in a proprietary project where we needed a very specific functionality. The opensource library doing just what we needed was there, but licensed under the terms of GPL. The contact with author revealed that he is perfectly willing to relicense it for us for a nice amount of $35000. And it really was an OK price because reimplementing the necessary functionality from scratch would cost the company considerably more, and we wouldn't fit into the timeframe anyway.
Aren't they used for years in large airport terminals?
Five bucks on November!
There is nothing new in such get-them-early tactics, and it certainly wasn't invented by Microsoft. UNIX gained its acceptance in 1970s-80s pretty much the same way: its copies were distributed across the universities free of charge. Very much due to that it became widespread and won the workstations market of that time, despite that there were technically superior alternatives.
A note for trigger-happy mods: I run GNU/Linux and hold no Windows partitions on my machines since 1999.
The problem with the bolt on approach is that there is no consistency of use in the Unix framework. You can add Kerberos but you have to separately Kerberize every application. Same for integration to a domain server or any other infrastructure.
Frankly, I don't see how this problem fades away with Windows. When they introduced, say, DCOM, application writers interested in this feature had to add supporting code - it didn't just appeared magically.
What you are talking about is the administrative issue of enforicng and following the standard, which is always easier in a single-vendor environment such as Windows. It has nothing to do with system architecture.
Also, I don't see how monolithic archtecture is inherently more secure than modular. Could you please elaborate on that? (I am aware that NT was based on microkernel; however besides the kernel there is the registry, Internet Explorer down the guts, VBA scripting all around and all-encompassing SYSTEM user).
Another thing is that even if theoretically NT security model is sound, in practice it is plagued by malpractice of applications requiring to run with SYSTEM priveleges. Clearly a person with such an impressive background as yours should know that e.g. it is impossible to run IIS under restricted user, so I just don't get which aspect of practical NT superiority over Linux you imply.
The data format is owned by Microsoft, it is underspecified and is apt to random changes from version to version.
While it is possible to write converters supporting to some degree some versions of Word format, they tend to work only for simple documents. If unsure, try importing a Word document with non-trivial markup or mathematical formulas into office suite of your choice. Or even try importing such a document from MS Word 97 to MS Word 2000...
Of course you have the right to criticize. However, in a meritocracy such as the Open Source community, your opinion is weighted against your contributions.
So if you take position of an armchair critic, don't be surprised when the community will neglect your opinion.
That's a lot!
But if a sci-fi writer did come up with the idea first, should NASA get all the glory for making it real?
To the moment a Sci-Fi writer makes a story out of their idea, it has probably already came up to other people who just didn't bother putting it down on paper.
What would count is a working implementation or a viable design.
Digital Perl Harbour on Information Superhighway!
Yesterday Joe M. Oron was granted a patent for overnight delivery via teleportation.
"It enables transportation companies to deliver goods worldwide virtually instantly," Oron said. "Nobody has made a business like this."
This could be a big money-making operation for someone who wants to develop it," Oron said. "The patent shows someone who has knowledge of the Teleportation field how to make the invention. This could really shake up the way things are done in the world."
I suspect that the hot water was running more reliably there than in other places in the intervening 50-odd years.
Hot water was running reliably pretty much over all cities of USSR since the WWII. Today, Russia and many ex-Soviet states do experience problems with hot water, since the infrastructure was not decently maintained/upgraded since the early 90's.
I can tell you with confidence that Soivet Union had countless problems (and yes, with civilian sector production quality being one of the worst), but hot water supply wasn't one of them. I was born in USSR, but later spent a fair amount of time living and working in Germany and Norway, and the quality of water there isn't any better that what we have in my home region. The only noticable thing is the absence of two-week "maintenance outage" in the mid-summer, since the Western states exploit better-designed heating stations or use localized heating.
Since Estonia had a nice modern infrastructure before annexation, they avoided this problem to some degree.
Before that, Estonia was a rural state with poorly developed infarstructure. It could probably develop its own decent and spread hot water supply, alas, in our version of Universe, they had to use the Soviet version.
Once you rip and distribute, you create a trail, and all the RIAA needs is a few high-profile cases that take Freenet users and run them through the wash for distributing songs.
While RIAA possibly can find the guy who ripped the disk (with watermarks or whatever), they can't identify the Freenet users that host and download the tracks. Freenet coneals the idenitites of people that download, upload or host the content; or, rather, there is no way to tell the difference between them for outside spy/observer. This was one of the initial Freenet design goals, so Freenet is quite good at it.