I think a far more reasonable approach is to allow nonprofit redistribution of copyrighted works which the copyright holder no longer makes available for sale.
Another approach would be to require an exponentially increasing fee of the copyright holder each year to maintain the copyright of a work, thus guaranteeing that the work will eventually enter the public domain once it no longer serves a rational benefit to the copyright holder.
If you incorporate GPL'd code into custom software, the only people who are entitled to the source code of the program are the entities who receive the binary of the program -- not just anyone who wants the source.
Wrong. Have you read the GPL? See section 3b. If you do not distribute the source to the recipient of the binary, you must provide offer valid for any third party to request the source from you. So yes, other folks can very well be entitled to the source code of the program under the GPL if you don't give your customer the source up front.
Obviously you are calling the printf() in the C standard library, since -lc is implied when you compile a C program. If your standard library does not provide printf(), it is broken.
the predominance of C++ in application development stands in no proportion to its suitability for most high-level problems.
I fail to see a character string issue that cannot be solved with a wrapper class or a smart pointer.
GREAT, so people will write insecure code in C until some day they are experienced enough to use it safely!
Exactly. And until they have demonstrated their competency, their code should not be used in security-critical environments.
*whuppdidu*. so you NEVER allocated a string one short, i assume. maybe you are even infallible!
Of course I have, and I also don't place non-debugged and/or unaudited code into a production environment. I guess others have lower standards, but they get what's coming to them. You can make very insidious mistakes in high level languages too.
the point of high-level programming languages is to reduce the binding between your machine and your programs and to offer a sane standard library which will allow you to write acceptable code with a few months!
Quite. However, "high-level programming" is all relative. C is high-level compared to assembly. The C standard library provides functions such as snprintf, fgets, and strncpy which are usually suitably safe. If those functions cramp your style, use something like glib instead.
it takes you such a long time to learn all its hidden traps
Please elaborate. Perhaps instead of traps, you meant unfamiliar nuances. That's not a euphemism unless you regard the language as hostile, which is a ludicrous notion. C just exists. You either know how to use it or you don't. Petulance and indignation do not substitute for learning.
that I don't see it as the suitable standard language for your average problem.
Right. So who was claiming that C was the right tool for the average problem? The frequent ill-informed argument from CS 101 types is that C is the wrong tool for any problem and that {Java|PHP|Python} is the universally correct tool.
how can you be so arrogant?? "beyond my capability"!!!
You used a specious argument to support your general claim that C is useless because there is no native string type. I supposed that this was something that you had encountered, and instead of learning something from your mistake, decided to bash the language; that is a common reaction by frustrated people new to C.
but i don't even think that you never made a mistake using them, so you better show some humility!
Exactly how am I displaying arrogance? Of course I have made mistakes with pointers as I learned the language. I don't make them any more, and that's because I recognized their utility and learned how to use them properly rather than blaming the language.
to avoid all the syscalls involving C char pointers! (for example: using ostream::write will require you to use char pointers!
And what would be your solution to this? Introduce an opaque string type into the kernel interface alongside the existing read/write functions?
please be a little humbler before accusing others of being incapable of using some arcane and dangerous technique
I think you are reading emotions into my words that are not there. I find nothing arcane or dangerous about C strings at the hands of a competent programmer, no more than I find a loaded gun in the hands of a responsible and trained person dangerous.
There is a rather salient argument against people new and inexperienced with C writing code that is accessible from outside a particular machine, so let's leave the conclusion at that: C newbies should not be writing networked code; and not try to extend that conclusion to say that C is invariably a munition waiting to explode no matter who is writing the code.
Sorry about that. I read only one part of your post and assumed what the question was instead of actually reading... anyway, if you're on a Unix system, sudo works great:D
Why don't you chill out? I am a mod_perl developer. What I meant by that comment is that you don't find mod_perl hosting environments as readily as PHP or ASP hosting environments, because mod_perl isn't provided in turnkey server setups that web hosting farms set up for their co-los. The reason for that is because Perl isn't seen as a web development language like PHP or ASP so it's not on the list of prerequisites for a web-server-in-a-box. Wishful thinking won't change that, only more people using mod_perl will.
Perl is a language, so it follows that it is a communication medium. By that it should be able to communicate something to a party outside just the author and the perl interpreter.
Perl source does communicate, with people who know Perl. That's like saying English is a useless language because it is constructed ad-hoc and because the complainer has never been bothered to learn it. The fact that some people find English difficult makes English no less useful to people who most easily express or comprehend ideas in it.
IMO, "the right job" for perl is about 2% of all programming tasks out there.
Nice statistic. Where's your breakdown of all programming tasks, and the reasoning for the other 98% why Perl is not the right tool for the job?
This is evident by the fact that even though perl was the prominent CGI language of the mid-nineties, it lost the overwhelming majority of that interest with alarming speed.
That has nothing to do with Perl the language, and everything to do with the shift towards languages which are designed to execute within a web server process without forking. mod_perl fills this hole, but as a general purpose language it is not as tightly integrated with a web server environment as something like PHP or ASP.
Too late for that - NX is a standarad feature on x86 and has been for a long time. It is probably included in the other major architectures as well.
Two problems:
1: NX on x86 has always been on a per-segment basis. The execute protection bit on pages was curiously omitted. Intel was assuming back then that everyone would be using a segmented memory model instead of a flat memory model, apparently. The existing x86 stack protection hacks exploit the per-segment protections at the expense of speed.
2: NX protection has not existed until recently on some other notable architectures, like MIPS and PowerPC.
why be so masochistic to use C/C++ when you could use some real high-level language?
Because frequently it's the right tool for the job. Such as a lot of things, when you leave apparently religious preferences out of the debate.
Is it difficult to prevent buffer overflows?
YES!
For inexperienced C (or likewise, assembly) programmers, you are correct. Perhaps those people should not be producing software in C that needs to be secure.
in that case the strncpy is just BOGUS!!
Your example is bogus. Not everything stored in a C array is a string, and anyway, using strncpy (and then setting strlen(str)-1 to '\0' prevents any problem with that code assuming the array was null terminated in the first place.
how exactly are you going to find the last character if the string isn't null-terminated.
There's no such thing as a C string that isn't null-terminated. Once the null terminator has been lost, the data stored in the array is no longer a C string. It follows that if you want your array to remain a valid string, you had best preserve the null terminator.
but if strings were simply managed by adding the string length to the data type
You are free to write your own string struct/class that does this. In fact there are quite a few that exist already. You have the choice not to use C strings, so it seems ridiculous for you to continue to use them when you have demonstrated that they are beyond your capability.
it's just not the right language for the job!
How do you know that? What is the job? Or are you just generalizing?
Oh, and back to the refresh rate differences. Games sync to the refresh rate of a TV, a rate that your CRT cannot do as it is a really low refresh rate.
WTF? What's so weird about 60Hz, the NTSC refresh rate? Yes, that's exactly how often the VBLank interrupt is triggered in the hardware, so I don't see the problem...
You might also recall Jeff Merkey as the fellow who wrote the Netware filesystem driver for Linux. He ignored all the potential legal ramifications of NWFS being a work-for-hire and having access to internal Novell documents, and hence nobody is touching the code with a ten foot pole these days.
1. P6 and later Intel CPUs have had register renaming and more internal registers for a long time now. The big problem with this approach is that the compiler can't help you at all, so for performance you are completely dependent on the hardware's instruction reordering, branch prediction, and speculative execution. It would be difficult for me to agree that Intel was left behind in any large part because of its legacy appearance to the programmer - the P6 core was an excellent performer for a long time considering its roots.
2. CPU and PCI memory accesses are independent and mutually exclusive. Considering that the alternative to PCI DMA would be the CPU shuffling one word at a time to the board, I don't really see what the problem is here.
What's the best way to take care of existing cat dander on furniture/carpet, and to make a normal allergen-producing cat less offensive to someone who is allergic? I've seen various methods touted by manufacturers of cure-alls, but no independent studies on what methods actually work.
Not for anything unrelated to the kernel or its modules.
Sooooooo, compiling a new kernel doesn't require a reboot??
No, silly, it's booting the new kernel that requires the reboot. Which can be easily scheduled at a future time by the sysadmin with 'at' or 'reboot' commands.
Alllllll those errata pages for linux are there for giggles, since it has no flaws???????
"No flaws"? You must be hallucinating or trying to burn a straw man, since there was no such claim made.
Point is, Linux does have flaws, and does need rebooting for MAJOR fixes, such as a kernel flaw, as Windows does.
Nobody is contesting that Linux needs to be rebooted to change over to a fixed kernel. The point of dispute is that Windows must be rebooted for many fixes which have nothing to do with the kernel. This is an inconvenience at best, and occasionally a show-stopper.
Think of linux users as a gym full of pro boxers. Think of MS user as a gym full of weight watchers (bloatware jab at MS intended).
I'm not sure if that analogy fits. There are quite a number of experienced and inexperienced users on both sides.
So if the users don't want to be 'mugged', they need to RTFM and stop blaming the OS for THIER mistakes.
THEIR mistakes do not always include something preventable by preemptive action. Many security bulletins are generated from a working exploit already in the wild. That would imply that at least one user has had his machine compromised through no fault of his own.
They could start by examining the Rendition pipeline and functional units. The documentation for the chip is available on the web, google for v2200spec.pdf. A MIPS-like RISC core surrounded by peripherals for the heavy graphics lifting looks like the design everyone else has gone with since then.
"I can take this code and do whatever I want with it, but must also give away everything I've done to improve upon it."
Yes, you must give the source code of derived works to your customer if you sell them the binary.
The GPL is great while you're in college. The BSD license is good for a capitalistic society
People releasing their code under the BSD license is a great boon for proprietary vendors. The GPL seems to keep a lot of open source vendors in business. I don't see how either is better or worse for capitalism, but nice try anyway.
This forum has majority of coders, yet you limit your arguments to non coders.
The vast majority of the real world, for whom a particular piece of software will be relevant or non-relevant, are non-coders.
for you claiming it's unrestrictive
I didn't claim it's unrestrictive. I claimed it's unrestrictive in the way that matters to the vast majority of people who will ever encounter a GPL application.
You don't get it. They are both buggy. That is why you have to split hairs about vulnerabilities...
Are you aware that not all bugs are equivalent in damage potential? The very fact that you list local rooters on the same scale as remote rooters betrays a large amount of ignorance.
Plus read my other posting on this thread about sendmail
Sendmail doesn't have anything to do with Linux, except that some Linux distributions ship it. So rag on those distributions. Sendmail is a joke and people have known this for at least 20 years.
and apache
Anyone who runs apache as root has no idea what they are doing. You have to use at least two exploits to gain control of a system through Apache, as it is installed under a non-root uid in every distribution I know of.
But hey, don't let the facts get on the way of your prejudices.
Oh, I get it, you're one of those "fair and balanced" people for whom there is no right answer to anything. Any preference one way or the other is automatically considered to be prejudice or religion. Give me a break. Some designs are sane, and others are not. Microsoft started out with NT as the Not-Unix, and slowly is re-learning every lesson Unix had already had to deal with.
Restrictive? Exactly in what way does the GPL restrict the end user of the software? The answer is none, just like the BSD license.
Or do you mean free as in free to take my code and leverage a proprietary advantage against me? No thanks, I'll take the level playing field the GPL gives me, even if it means I have to respect the political or commercial views of other developers in return.
I'm grateful for people who release their code under a BSD license, but license wars are stupid. Licenses are a result of economics which is pinned to what motivates each developer. If you are motivated enough to give away your code with no strings attached, good for you. It's too bad you resent my good will in granting all rights to my users, and only reserving distribution rights for derived binaries, considering I would not be motivated to write free software otherwise.
Slashdot Mirror
Another approach would be to require an exponentially increasing fee of the copyright holder each year to maintain the copyright of a work, thus guaranteeing that the work will eventually enter the public domain once it no longer serves a rational benefit to the copyright holder.
Obviously you are calling the printf() in the C standard library, since -lc is implied when you compile a C program. If your standard library does not provide printf(), it is broken.
There is a rather salient argument against people new and inexperienced with C writing code that is accessible from outside a particular machine, so let's leave the conclusion at that: C newbies should not be writing networked code; and not try to extend that conclusion to say that C is invariably a munition waiting to explode no matter who is writing the code.
Sorry about that. I read only one part of your post and assumed what the question was instead of actually reading... anyway, if you're on a Unix system, sudo works great :D
1: NX on x86 has always been on a per-segment basis. The execute protection bit on pages was curiously omitted. Intel was assuming back then that everyone would be using a segmented memory model instead of a flat memory model, apparently. The existing x86 stack protection hacks exploit the per-segment protections at the expense of speed.
2: NX protection has not existed until recently on some other notable architectures, like MIPS and PowerPC.
I'd like you to show me an example of any CRC code that is remotely readable or intuitive to anyone but the author.
2. CPU and PCI memory accesses are independent and mutually exclusive. Considering that the alternative to PCI DMA would be the CPU shuffling one word at a time to the board, I don't really see what the problem is here.
What's the best way to take care of existing cat dander on furniture/carpet, and to make a normal allergen-producing cat less offensive to someone who is allergic? I've seen various methods touted by manufacturers of cure-alls, but no independent studies on what methods actually work.
I was waiting for someone else to correct that ludicrous assertion. Thanks!
VGA a good standard? It was years before we had a linear framebuffer bigger than ModeX, thanks to VGA (and 16-bit segmentation).
They could start by examining the Rendition pipeline and functional units. The documentation for the chip is available on the web, google for v2200spec.pdf. A MIPS-like RISC core surrounded by peripherals for the heavy graphics lifting looks like the design everyone else has gone with since then.
Restrictive? Exactly in what way does the GPL restrict the end user of the software? The answer is none, just like the BSD license.
Or do you mean free as in free to take my code and leverage a proprietary advantage against me? No thanks, I'll take the level playing field the GPL gives me, even if it means I have to respect the political or commercial views of other developers in return.
I'm grateful for people who release their code under a BSD license, but license wars are stupid. Licenses are a result of economics which is pinned to what motivates each developer. If you are motivated enough to give away your code with no strings attached, good for you. It's too bad you resent my good will in granting all rights to my users, and only reserving distribution rights for derived binaries, considering I would not be motivated to write free software otherwise.