Slashdot Mirror


User: dvdeug

dvdeug's activity in the archive.

Stories: 0
Comments: 2,390

Comments · 2,390

  1. Re:I would sue, but.... on Beating the Spam Merchants · · Score: 3, Insightful

    Giving a proper email address in a public forum is like posting your phone number on a billboard in Times Square, and then expecting nobody you don't want to call!

    Posting my phone number on a billboard in Times Square should be like posting my email on a billboard in Times Square, not like posting my email on a few limited-interest mailing lists and web pages.

    I don't expect that my email will be limited to those I particularly want to talk to. I do expect that it will be reasonable human beings with an interest in communicating with me. Fraudulently titled commercial email that I get 7 copies of (3 email aliases and 4 mailing lists that I'm on) doesn't count.

    I don't have an option to hide my email address, either. Besides my webpage, I'm a Debian maintainer (creating several publicly known aliases) and a contributor to several email lists with public archives.

  2. Re:I would sue, but.... on Beating the Spam Merchants · · Score: 5, Insightful

    And I don't put my e-mail in public places where spammers would look to pick it up. As far as I'm concerned if you get spammed, it's your fault.

    I find it important that people reading my website can respond back to me. I don't see why me providing an email address so they can respond makes me at fault for getting spammed, any more than leaving a car in a parking lot while I shop makes me at fault for it getting stolen.

  3. Re:Then man will *never* be free... on Beware Employment Contracts · · Score: 1, Flamebait

    The missing ingredient is an incorruptible lawmaker with power to enforce. [...] the obvious candidate for the seat is God.

    It's a shame he's corrupt and doesn't care to do any practical enforcing, then.

  4. Re:It's all about the risk on Larsen Ice Shelf Collapses · · Score: 2

    the downside of the pro-environment movement is that we have more efficient cars that cost a bit more

    The downside of the pro-environment movement is that people die of heatstroke because they can't afford more expensive air conditioning. People die because of drugs and food that spoiled due to insufficient cooling or insufficient transportation.

  5. Re:Motd on Mandrake 8.2 Available · · Score: 2

    If all of you send me, say, 50 bucks, I will happily give you a collection of free software other people wrote as well...

    What about the stuff that you wrote? Or that stuff that you paid to be released as free software? Or how about the hours of packaging and bug testing?

  6. Re:Maybe they will Open Source it now. on NaN Closes Shop, The End of Blender? · · Score: 2

    Find an app you really like and then refuse to buy it until it goes out of business then try to get the owners of the source to donate it to the 'community' that put them out of business. ;)

    Find an app you really like, and buy the manual because they say they'll free the program if people buy enough manuals; then when they sell out of manuals they take it proprietary.

    See http://slashdot.org/article.pl?sid=99/03/23/0825245&mode=thread and other early Slashdot.

  7. Re:best pencil and paper RPG - Runequest on Interview with Gary Gygax · · Score: 2

    Let the flames begin, but IMHO, the best RPG ever, *hands down* is Runequest.

    Isn't that like saying a particular novel is the best novel of all times? Wuthering Heights and The Lord of the Rings have their fans, and aren't meaningfully comparable; likewise, Runequest and FUDGE have their fans, and aren't meaningfully comparable.

  8. Re:What's wrong with implementing file(1) internal on Next Windows to Have New Filesystem · · Score: 2

    Name one widely used OS that has a perfect, glitch free metadata system? Windows has its problems, MacOS has its, Unix largely relies on extensions or ignores file metadata altogether.

    But their glitches are predictable and usually fixable on a file by file level. If a file is named foo.txt, Windows and Unix will handle it as a text file. I can change the filename and fix that. A Mac has a certain metadata that can be changed if it's wrong.

    But in a file(1) system, there are unpredictable and unfixable glitches. I have 200 text files in a directory, and 3 don't work. Why - I don't know, they just happen to match some magic. There's no way to fix it, short of messing with file(1)'s internal data, or changing the problematic file; the first is difficult and fruitless (as you can't, in general, tell a text file from another sort of file), and the second is unacceptable.

  9. Re:Your AD&D Stats... on Interview with Gary Gygax · · Score: 2

    assigning a 15 INT simply for a Masters Degree indicates you've never actually dealt with people in graduate school

    The INT calculation seems totally bogus to me. A Ph.D. was worth a 17, if you didn't put in your IQ. If you have a Ph.D. and a 212 IQ (it is plausible that there is someone in the world with that high an IQ), then you get a 15 INT. A 300 IQ (hah!) will bring it back up to a 17. A 325 is an 18. So all the wizards running around any AD&D world with an 18 INT are brighter than any human ever.

  10. Re:So what? on Mapping The CIA Nonclassified Network · · Score: 3, Interesting

    Of all organisations that might be vulnerable to social engineering, I am least worried about the military.

    A small team of men managed to literally roll an airplane out the back gate of an Air Force base, primarily using social engineering tactics. This team, hired by the military, found that military security wasn't all that it was cracked up to be.

    if people only hire intelligent software engineers, no one will be able to social engineer anything.

    How does *that* follow? Many social engineering attacks get the user to hand over username and password, and if you can't check IP (think mobile users) then you've just lost. At best you can contain it to that user's files, but that still may be a severe security leak.

  11. Re:What's wrong with implementing file(1) internal on Next Windows to Have New Filesystem · · Score: 2

    Magicbits is a hack that gets perpetuated for one reason

    Magic bits shouldn't be the only way to identify a file - they indeed have all the problems you mention. However, the reason why magic bits exist and will and should continue to exist, is because stuff doesn't always work right. Gnutella is filled with mislabeled files, and I've downloaded a file, just to come back and realize I've actually downloaded a 404 page and saved it as a zip. It's cheap and easy to put a few bytes at the start of your format and provide a way for a tool to fairly reliably tell whether it's really a TIFF file or not. It's good for verifying a file, not so much identifying a file.

  12. Re:What's wrong with implementing file(1) internal on Next Windows to Have New Filesystem · · Score: 2

    I just think that the overwhelming majority of files *will* be machine-typable based on contents with hints

    99% will. That last 1% will cause a lot of pain and stress every time it comes up, though. I have a file of OCR'ed pages from a book, and 3 of them come up as MSX game cartridge dumps. A visual inspection reveals no reason, it just happened to match the magic. So what happens when I'm working through the directory? I hit page 178, and for no apparent reason, my system tries to load it into a game emulator. There's no way to permanently tell it that this is a text file, so either I have to mess with the hints or handle it manually every time. Ugh, ugh, ugh.

    What about the flip side, all the files that file doesn't match? Like the gcov files I was complaining about. They all have sane file extensions - in any system where metadata was included, the creator could easily have set it to "GCOV Basic Block data". It's a lot harder to get file to guess it, though, especially as it probably is an ad-hoc file format with no magic numbers.

    Furthermore, if the metadata's wrong, I can usually blame it on a program and possibly get a fix. I can also easily change the metadata on that file to fix it. file is not an exact tool, and cannot be an exact tool, and there's no way to fix it for one file, and it's a pain to add a file type.

    adding a lot of extra data to the filesystem will cripple its speed in the long run.

    The Be filesystem was known for being fast, and it had all this data. How's one string going to change things? There may be metadata that shouldn't go in the filesystem, but file type has a long history of being in the filesystem, and working nicely.

  13. Re:What's wrong with implementing file(1) internal on Next Windows to Have New Filesystem · · Score: 2

    I think that the best way to do this would be to implement a file(1) into the system that other applications (file manager, desktop GUI, applications) could use to determine what a file is.

    How much have you used file? According to it, about 10% of the Project Gutenberg texts (virtually plain text, with some HTML) are spreadsheets for some Apple program. I run it over a directory full of program source, executables and half compiled stuff, and get told I have DBase files, a PDP-11 overlay, Spectrum TAP data and X11 SNF font data, none of which is right. It calls the Ada code variants of ASCII text or ASCII English text. file's a great tool for manual use, but it has way too high an error ratio to be used automatically.
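
Added example (not part of the archived comments and not file(1)'s own code): the distinction drawn in comments 11 to 13 between identifying a file from its magic bytes and verifying a file against a type declared in metadata. The signature table, the extension map and the sample byte strings are constructed for illustration, and the two-byte "AB" entry is an assumed stand-in for the short magic behind the MSX cartridge match described in comment 12.

```python
"""Identify-by-magic versus verify-declared-type, on constructed samples."""
import os

# Constructed signature table (an assumption, not file(1)'s database).
# A naive sniffer takes the first entry whose bytes match.
SIGNATURES = [
    ("zip", 0, b"PK\x03\x04"),
    ("tiff", 0, b"II*\x00"),   # little-endian TIFF
    ("tiff", 0, b"MM\x00*"),   # big-endian TIFF
    ("msx-rom", 0, b"AB"),     # two bytes of printable ASCII: weak magic
]

# Declared type comes from metadata; here the extension plays that role.
EXTENSION_TYPES = {".zip": "zip", ".tif": "tiff", ".tiff": "tiff",
                   ".rom": "msx-rom", ".txt": "text"}

# Constructed sample contents.
OCR_PAGE = b"ABOUT this time the travellers reached the inn.\n"
NOT_FOUND = b"<html><head><title>404 Not Found</title></head></html>\n"
REAL_ZIP = b"PK\x03\x04" + b"\x14\x00" + bytes(24)


def is_probably_text(data):
    """Heuristic: no NUL bytes and decodes as UTF-8."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def matches(data, kind):
    """True if data carries any signature registered for this kind."""
    return any(data[off:off + len(magic)] == magic
               for name, off, magic in SIGNATURES if name == kind)


def identify(data):
    """Guess the type from content alone; short magic gives false hits."""
    for name, off, magic in SIGNATURES:
        if data[off:off + len(magic)] == magic:
            return name
    return "text" if is_probably_text(data) else "unknown"


def verify(filename, data):
    """Take the type from metadata and use the content only to confirm it."""
    kind = EXTENSION_TYPES.get(os.path.splitext(filename)[1].lower())
    if kind is None:
        return ("unknown", False)
    if kind == "text":
        return (kind, is_probably_text(data))
    return (kind, matches(data, kind))


if __name__ == "__main__":
    for name, data in [("page178.txt", OCR_PAGE),
                       ("download.zip", NOT_FOUND),
                       ("download.zip", REAL_ZIP)]:
        print(name, "identify:", identify(data), "verify:", verify(name, data))
```

Content sniffing alone sends the text page to the wrong handler, while the verify path keeps it as text and flags the HTML error page saved under a `.zip` name as a mismatch to reject.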

  14. Re:freemarket on Mandrake Asks for Support · · Score: 2

    If what Mandrake has to offer is so great and they've done such great things that people find valuable then I would expect the freemarket to take care of things.

    We _are_ the free market. Them asking for money, and people giving it to them _are_ all part of the free market.

  15. Re:Weed the Herd ! ! ! ! on Mandrake Asks for Support · · Score: 3, Interesting

    Would anybody really be upset if we were only left with SuSE, Slackware, Debian (& RedHat I suppose).

    Mandrake does a lot of work in internationalizing code and has bought and freed several programs. As a Debian developer, I certainly prefer them around to SuSE, who rarely helps anyone but themselves.

    Save the money you would normally spend to bail out a distro company, and instead spend it on Linux apps. (Have you forgotten about Loki already?)

    Why do I care about Loki? What Linux apps do I want to spend money on? Mandrake has given me much more than spending money on any Linux apps would.

  16. Re:Dumb security question on Bug in zlib Affects Many Linux Programs · · Score: 2

    Not for the embedded market, and consoles!

    Interestingly enough, Ada's big market is the embedded market. At the same time, it's known for all the automatic checks. Hmm..

    Checks should be at the *programmer's discretion*, not at the whim of a compiler or language.

    Most good languages let you turn off checking when and where you need it turned off. Do you really enjoy typing the bounds checking code over and over, or do you just cut corners?

    You can write safe code in any language. Likewise you can write bad code in any language. Languages are *not* the silver bullet to the problem, but you for whatever reason think they are.

    Fine. You write a matrix multiplication routine in C, and I'll do it in APL. I bet I'll have a correct implementation long before you, and it'll probably be faster, to boot.

    Languages aren't a silver bullet, but it's much easier to let someone else do the work, and much more reliable to boot. A compiler always puts in the bounds checking statements and always gets it right. If there's a bug, then you fix it in one place. For bounds checking, any array overflow security hole in a language with decent bounds checking is either a bug in the compiler or the programmer turning off bounds checking. That's a huge difference from the large number of bounds checking bugs in C.

  17. Re:Self compiling and newbie Slashdot readers on Mono's MCS Compiles Itself On Linux · · Score: 2

    Self-compiling is an easily verifiable milestone in a compiler's development. It was first achieved in 1973 when N. Wirth wrote a Pascal compiler in Pascal and hand-compiled it, then ran the hand-compiled compiler on itself.

    Was Wirth really the first? "Compilers and Compiler Generators" says

    The ICL bootstrap is further described by Welsh and Quinn (1972). Other early insights into bootstrapping are to be found in papers by Lecarme and Peyrolle-Thomas (1973)

    and I seem to remember the first LISP systems being bootstrapped, too.

  18. Re:Definately not the first on First 3D Simulations of Complete Nuclear Detonations · · Score: 2

    Not to increase conspiracy paranoia, but it's entirely possible that the government has their own completely separate design, fab, etc on a whole line of top secret processors that is all top secret.

    A multi-billion dollar project - so we can see how a nuke explodes? It makes much more sense to use that money to keep bases open or build more planes and warships, considering how tight the military budget has been recently.

    That's the thing about secrecy, you never know!

    Ergo, cognito sum. We truly know almost nothing. Rational deduction from sensory input can lead us far, though.

  19. Re:Definately not the first on First 3D Simulations of Complete Nuclear Detonations · · Score: 2

    You can't believe what the government says, classified means they won't tell you about it or will lie to you until they are ready to announce it.

    The question is how did they have the computer power? Even for the military, these computer prices are a bit expensive, and with Moore's law, we haven't had the computing power available at any cost until recently.

  20. Re:Please stop writing network apps in C! on OpenSSH Local Root Hole · · Score: 2

    lack of any of mentioned things isn't without a price -- it's either performance or functionality.

    Better languages will offer a choice to turn off bounds checking or garbage collection in specific places, if you really need that speed. Also, it's easier for a compiler to optimize away automatic bounds checking rather than manual bounds checking, since it knows exactly what it's looking for.

    But, yes, there's always tradeoffs. But I don't feel a need to provide the fastest system for script kiddies to use as a DOS platform.

    And also it's worth to remember that none of so-called "modern" languages are self-hosted, they all are written in something else that has all those features they are so proud of lacking.

    So I was just imagining SmallEiffel and SML/NJ.

  21. Re:Performance of network software on OpenSSH Local Root Hole · · Score: 2

    The object oriented paradigm isn't the only paradigm out there.

    True, and interestingly enough, Ada supports all the paradigms that C++ does - procedural, object orientated, generic.

    You may say it's object oriented

    Are you claiming it isn't?

    but it doesn't support MI, partial specialization, or operator overloading

    Partial specialization has nothing to do with object orientation, and Ada does support operator overloading, and always has.

    The fact is that there is an awful lot of code written in C/C++ and the percentage of exploits to number of SLOCS of C/C++ is not as high as many would like you to believe.

    That's not an interesting number. The absolute number of exploits is much more interesting, and it's much too high, and too many of them are the same old buffer overflows.

    having access to those features allows for extremely efficient code to be written by more experienced programmers.

    But I have access to those features in Ada. I just have to turn array overflow checking off. Unsafe features just aren't the default.

  22. Re:Performance of network software on OpenSSH Local Root Hole · · Score: 2

    When in the world did Ada become a modern language???

    Why isn't it a modern language? It's got object orientation, templates, all the features you'd expect out of a modern language.

    I beg to differ about C being less efficient than assembly. Anything that can be done in assembly can be done just as efficiently in C.

    Can I have what you're smoking? A person with unlimited time can always beat a compiler at optimization, if only because he can look at the compiler's output.

    C is a great language. C++ is a better language because it has many more features.

    So you can measure the goodness of a programming language by counting features? Then PL/I is much better than C. Why did so many people use C then?

    C++ has any (and probably more) features than SML, ADA, & Eiffel.

    I take it you aren't familiar with those languages? Among other things, Ada has tasking and Eiffel has preconditions and postconditions, neither of which are in C++.

    A language shouldn't be gauged on how idiot-proof it is though.

    There are no perfect programmers. If many good programmers make a particular style of error that results in a root hole because of a language, perhaps some other language should be used. The other solution, hire only perfect programmers, doesn't work because they don't exist.

  23. Re:Performance of network software on OpenSSH Local Root Hole · · Score: 2

    The issue is not necessarily efficiency. It's about control.

    And again, assembly gives you more control than C. If it didn't, then you wouldn't see Linux (the kernel) developers show up on the GCC lists every so often complaining about the latest (ISO C legal) optimization that broke Linux.

    The fact is, you can do ANYTHING in C.

    Duh. In its weakest sense, that's trivially true - all programming languages have the same power as a Turing machine. In a stronger sense, it's not true - there are parts of the kernel written in assembly because they can't be written in C. There's no way to use the hardware BCD commands from C, short of inline assembly. (And, yes, C is not the only language to let you use inline assembly.)

    If you want garbage collection, get a library, or make your own. [...]

    And then I end up using a kludgy half assed solution that's either non-portable, painful to use, and/or incredibly slow. Gee, thanks. A properly garbage collected language will be faster and more reliably garbage collected than anything you can do with C.

    it's not any worse than using a language that supports those features because in all likelihood that "other" language was written in C.

    Huh? Besides the incorrect assumption that all compilers and interpreters are written in C (a huge number bootstrap), there are worlds of difference between what can be done with built-in syntax and hacked up macros and functions. The built-in syntax usually runs faster (since the compiler knows exactly what to look for to optimize), is usually more convenient to use, and nobody accidentally uses malloc or native arrays if GC and bounds checking are built in.

  24. Re:ignorance and self deceit on OpenSSH Local Root Hole · · Score: 2

    But to expect software developers who write based upon existing libraries and code concepts they have developed over decades of work to stop and try writing their apps in an experimental (and YES, pretty damn potentially exploitable itself being so new) language is just silly.

    Huh? The first Ada standard came out in 1983, 6 years before the first C standard. The latest Ada standard came out in 1995, 4 years before the latest C standard. What's so experimental about that?

    I have not had to download a new version of gcc and recompile my OS/kern/3rd party apps due to a "C vulnerability".

    I take it you missed the whole remote hole due to globbing bug in glibc issue, then?

    Using experimental non-proven ( 10 years?) languages for OS/kern/apps is a pretty stupid risk.

    So Kernighan and Ritchie were pretty stupid for writing their new OS in C, weren't they? They should have stuck with assembly and Fortran, shouldn't they?

    Somebody's got to prove the things. Considering the number of security holes due to things in C that other languages would prevent, and the comparative rarity of compiler security holes (and it's a lot easier to fix bugs in one code base than a thousand), I'd say you're looking pretty good.

  25. Re:I guess you don't want speed, then. on OpenSSH Local Root Hole · · Score: 2

    We write such servers in C for one reason: speed. The users demand it. Java has too many resource requirements (CPU, memory) for ultra high traffic on a single uniprocessor box.

    Besides the fact that Java is not the only modern language, I really don't care about "ultra high traffic". If my sshd gets two connections, I'm multitasking; three I've probably been hacked. I don't need it to be faster; I need it to be secure and simple to set up and admin. Maybe the big sites should be running something else, but probably 99% of the sites that run ssh don't get heavy ssh traffic. Those sites need to worry about being hacked more than they need to worry about that last 20% of sshd speed. (If sshd is taking up 39 seconds of cpu time over 8 weeks, then 20% is a second a week; for more security, it's a great tradeoff.)