who is in charge of enforcing the bounds checking is not really the programmers concern unless the programmer is doing advanced stuff like sandboxing untrusted java bytecode.
the java language is always used in the java environment and the java environment provided bounds checking. C (and most other conventional languages) cannot be compiled for use in the java environment without seriously changing the language or using very dirty tricks.
To the CPU its all instructions, it doesn't care if its issued by the crt or the java_vm. that is indeed true but the vast majority of security holes are caused by programmer screwups. Languages like java simply don't let the programmer write arbitary memory by running off the end of arrays.
i'm not saying java apps can't be insecure but i am saying there is a whole class of hole thats easy peasy to create in C and virtually impossible to create in languages like java.
also opensource actually helps against buffer overflows as apps built on different setups are likely to have different adresses making it very hard to make one exploit that works against all builds.
visa/mastercard etc presumablly have branches in different countries. Can say the US branch of visa/mastercard stop payments from us cards to ukranian merchants?
iirc at least in the uk you could digitially copy from CD to minidisk and from a minidisk recorded from analog to another minidisk but not from cd to minidisk to minidisk or analog to minidisk to minidisk to minidisk
so it was an annoyance but an analog minidisk-minidisk copy was still far higher quality than a tape-tape copy
what the installation media will install on is irrelevent here what matters is what the XP corporate license they have allows the holder to do.
i know the standard academic license for windows is upgrade/downgrade only. I belive corporate is the same but i'm not positive and i'm finding it hard to find out from microsofts site.
note: this is written by a brit usians should replace "6th form collage" by "last two years of high school" and possiblly "university" by "collage"
its certainly a possible approach but whilst a cronological approach is a nice idea in some ways i think it would be rather dull to study the same thing every day and would also amke it much easier to get left behind if you were struggling with something.
once you decide you are going to run modules in paralell then in any subject that requires programming (cs eee etc) you are going to have to teach people programming in a way that gets them reasonablly competent at it fast.
its just like when you learn maths pre-university you learn quite a bit by rote and even the proofs you do aren't exactly rigourous. Those who go on to study mathematics will learn how to prove it all properly later but at the early levels gaining competance is far more important than learning the why.
when you work in a factory you presumablly see a tiny part of it day in day out.
with a video they can lead you through the (often reasonablly interesting) process spending only enough time looking at each section to see whats going on. discovery (at least here in the uk) have been doing shows like this under the name (how its made) for ages.
if you don't need to maintain a public interface is there any reason not to just use the fields directly and only change them into getters/setters if you need to add a sideeffect given that modern ides (at least eclipse) make doing that change painless?
I believe java owes to a lot more people than just the Sun guys... indeed but they control the standard implementation of the standard library which leaves a choice between being at suns mercy and dealing with a buggy/incomplete clone (the hugeness of javas standard library makes life rather hard for the cloners).
try {//code that can throw exceptions goes here } catch (exception e) {
if (e instanceof RuntimeException) {
throw (RuntimeException)e;
} else {
throw new RuntimeException(e);
} }
doesn't managed C++ have abilities to interact with normal C++ libs that the other.net languages lack? i thought that was the main reason for keeping C++ arround into.net!
trouble is its the immediacy of wikipedia that encourages legitimate editing in the first place.
whats imo needed long term is a split of "wikipedia stable" and "wikipedia current" this has been talked about for a long time but its a lot of work and they never seem to get round to actually statring doing it.
an immutable string is safe to pass arround in the knowlage that some other bit of code won't mutate it behind your back.
with mutable strings you either need to trust the code that passed it to you (which is generally bad design due to mistakes even if all the code is in some sense trusted) not to touch the string or copy it as soon as you are passed it (which can be expensive).
however for some stuff mutable strings are nessacery to avoid huge ammounts of copying when actually doing heavy processing on the data.
and whilst there is official unrar source (under a nasty don't compete with our compressor type license) availible last i checked it was not up to date with current versions of the rar format.
afaict the differences between them are just in the standard libs and some of the syntaic sugar. So whichever one you learn i'd imagine picking up the other will be pretty easy.
i've occasionally been sent legitimate files by friends as rars but the truth is the main place where rar is seen is indeed warez.
who would wan't to release legitimate software in a form that can only be read by a single companies nagware tool when there are free alternatives arround that often give better compression? (pirates don't care because they can just crack winrar itself).
1: avg is free to use for home users (and small buisnesses can probablly get away with using it too even though they aren't supposed to)
2: most large corps probablly already have an antivirus contract.
so the only demand would be from users who run windows but don't wan't to use any other closed source software.
also afaict getting good detection rates accross a wide range of virus types is hard as is hooking into windows to do realtime scanning clam seems to mainly be used as a mailscanner is its virus db really any good for other types of virus?
can't say i agree as soon as you wanted to do something even a little unusual with vcl it got in your way, huge ammounts of stuff were declared private often requiring copying huge chunks of vcl code (which would also mean license issues if you planned to release your source) to get what you wanted done.
the delphi ide was very good for making guis quickly and the language was totally uncrippled but vcl was pretty nasty really.
and you had to go direct to winapi for stuff as simple as running another application.
someone has already pointed out the problem of multiple choice but even if you find a way arround that you still have the problem that if you can't autogenerate tests the spammer can just compile a complete test list.
but unlike previous smartphones, this seems to do some USB neogitation before it starts to charge ;)
in other words they actually followed the USB spec
and worst of all (especially for sites like wikis) it doesn't support unicode editing.
a relatively mild example of a page getting wrecked by IE mac before mediawiki implemented a workaround. i saw far worse breakage but finding it now is likely to be very tricky.
who is in charge of enforcing the bounds checking is not really the programmers concern unless the programmer is doing advanced stuff like sandboxing untrusted java bytecode.
the java language is always used in the java environment and the java environment provided bounds checking. C (and most other conventional languages) cannot be compiled for use in the java environment without seriously changing the language or using very dirty tricks.
To the CPU its all instructions, it doesn't care if its issued by the crt or the java_vm.
that is indeed true but the vast majority of security holes are caused by programmer screwups. Languages like java simply don't let the programmer write arbitary memory by running off the end of arrays.
i'm not saying java apps can't be insecure but i am saying there is a whole class of hole thats easy peasy to create in C and virtually impossible to create in languages like java.
also opensource actually helps against buffer overflows as apps built on different setups are likely to have different adresses making it very hard to make one exploit that works against all builds.
visa/mastercard etc presumablly have branches in different countries. Can say the US branch of visa/mastercard stop payments from us cards to ukranian merchants?
iirc at least in the uk you could digitially copy from CD to minidisk and from a minidisk recorded from analog to another minidisk but not from cd to minidisk to minidisk or analog to minidisk to minidisk to minidisk
so it was an annoyance but an analog minidisk-minidisk copy was still far higher quality than a tape-tape copy
Last month, I saw a couple of expert techs fail to upgrade a lab to XP SP2 after spending most of a day at it.
what is your definition of expert here?
why aren't all the apps running a standard image?
were they idiotic enough to be trying to upgrade the existing installs along with any shitware students managed to add rather than just re-imaging
were the issues caused by specialist third party software that wouldn't run on linux in the first place?
likely because they have to supply something to meet an agreement they have with ms and freedos was the smallest free thing they could think of.
what the installation media will install on is irrelevent here what matters is what the XP corporate license they have allows the holder to do.
i know the standard academic license for windows is upgrade/downgrade only. I belive corporate is the same but i'm not positive and i'm finding it hard to find out from microsofts site.
note: this is written by a brit usians should replace "6th form collage" by "last two years of high school" and possiblly "university" by "collage"
its certainly a possible approach but whilst a cronological approach is a nice idea in some ways i think it would be rather dull to study the same thing every day and would also amke it much easier to get left behind if you were struggling with something.
once you decide you are going to run modules in paralell then in any subject that requires programming (cs eee etc) you are going to have to teach people programming in a way that gets them reasonablly competent at it fast.
its just like when you learn maths pre-university you learn quite a bit by rote and even the proofs you do aren't exactly rigourous. Those who go on to study mathematics will learn how to prove it all properly later but at the early levels gaining competance is far more important than learning the why.
when you work in a factory you presumablly see a tiny part of it day in day out.
with a video they can lead you through the (often reasonablly interesting) process spending only enough time looking at each section to see whats going on. discovery (at least here in the uk) have been doing shows like this under the name (how its made) for ages.
if you don't need to maintain a public interface is there any reason not to just use the fields directly and only change them into getters/setters if you need to add a sideeffect given that modern ides (at least eclipse) make doing that change painless?
I believe java owes to a lot more people than just the Sun guys...
indeed but they control the standard implementation of the standard library which leaves a choice between being at suns mercy and dealing with a buggy/incomplete clone (the hugeness of javas standard library makes life rather hard for the cloners).
can't they just use something like
//code that can throw exceptions goes here
try {
} catch (exception e) {
if (e instanceof RuntimeException) {
throw (RuntimeException)e;
} else {
throw new RuntimeException(e);
}
}
doesn't managed C++ have abilities to interact with normal C++ libs that the other .net languages lack? i thought that was the main reason for keeping C++ arround into .net!
trouble is its the immediacy of wikipedia that encourages legitimate editing in the first place.
whats imo needed long term is a split of "wikipedia stable" and "wikipedia current" this has been talked about for a long time but its a lot of work and they never seem to get round to actually statring doing it.
an immutable string is safe to pass arround in the knowlage that some other bit of code won't mutate it behind your back.
with mutable strings you either need to trust the code that passed it to you (which is generally bad design due to mistakes even if all the code is in some sense trusted) not to touch the string or copy it as soon as you are passed it (which can be expensive).
however for some stuff mutable strings are nessacery to avoid huge ammounts of copying when actually doing heavy processing on the data.
and whilst there is official unrar source (under a nasty don't compete with our compressor type license) availible last i checked it was not up to date with current versions of the rar format.
afaict the differences between them are just in the standard libs and some of the syntaic sugar. So whichever one you learn i'd imagine picking up the other will be pretty easy.
i've occasionally been sent legitimate files by friends as rars but the truth is the main place where rar is seen is indeed warez.
who would wan't to release legitimate software in a form that can only be read by a single companies nagware tool when there are free alternatives arround that often give better compression? (pirates don't care because they can just crack winrar itself).
several reasons
1: avg is free to use for home users (and small buisnesses can probablly get away with using it too even though they aren't supposed to)
2: most large corps probablly already have an antivirus contract.
so the only demand would be from users who run windows but don't wan't to use any other closed source software.
also afaict getting good detection rates accross a wide range of virus types is hard as is hooking into windows to do realtime scanning clam seems to mainly be used as a mailscanner is its virus db really any good for other types of virus?
can't say i agree as soon as you wanted to do something even a little unusual with vcl it got in your way, huge ammounts of stuff were declared private often requiring copying huge chunks of vcl code (which would also mean license issues if you planned to release your source) to get what you wanted done.
the delphi ide was very good for making guis quickly and the language was totally uncrippled but vcl was pretty nasty really.
and you had to go direct to winapi for stuff as simple as running another application.
someone has already pointed out the problem of multiple choice but even if you find a way arround that you still have the problem that if you can't autogenerate tests the spammer can just compile a complete test list.
so what happens when spambots start calling that number and trying to convince the operator to give them accounts?