
Comment Re:Forgive my ignorance WAS:re: Garbage collector? (Score 1) 587

I hear you can marshal Java data for use by C libraries and vice versa. I'd expect a hole there where you could get the contents of a pointer.

There's no hole; when marshalling a compound object, the actual bits of the pointers aren't marshalled, the objects they point to are. Marshalling the bits of a pointer would be pointless (no pun intended) because they wouldn't mean anything to the receiver.

I think that he is referring to JNI, at which point you have a pointer. However, at that point you are in C land, and any pointer complaints are C memory management issues, so the pure Java security model holds. Java explicitly states that native libraries blow a hole in security so large a tank can drive through.

Comment Re:Forgive my ignorance WAS:re: Garbage collector? (Score 1) 587

The reason why Java has garbage collection has nothing to do with programmer convenience; it is needed in order to make Java's security model work. Without garbage collection, a thread could allocate a chunk of memory and then free it, while hanging on to the pointer -- and then periodically take a look at what shows up in the memory area where the previously freed block used to be. Any Java process running in the same VM would be at risk. This kind of deliberate use of "dangling pointers" is easy to prevent if using garbage collectors, very difficult to prevent otherwise.

Wikipedia mentions a couple ways, tombstones (which I called handles), locks-and-keys (which appears to be slightly inaccurate, but the idea is correct), and a probabilistic allocator. Just build one into the language.

FWIW, I also beg to differ about the difficulty of manual memory management. In C++ it is usually very easy, as long as you're consistent about doing deallocations in destructors. I once had to write a 40,000+ line C++ program, with lots of dynamic memory management going on; once development was complete, I ran a complete test suite under Purify, and found 5, yes, five, memory leaks. Considering that most leaks are the result of mis-handled object ownership, which is an issue that garbage collection does not eliminate in general, you should be careful about your design, *and* use memory analyzers like OptimizeIt, even when developing in a GC environment.

So, even after being careful about memory management in 40 KLOC written by a single person, you still had five memory leaks? And that is easier than GC how? Remember that you have had to develop a method of memory management, that you are not dealing with competing methods of memory management from multiple developers, and that the program is not large. Sorry, but you are not convincing.
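The "locks-and-keys" idea named in the comment above, sketched in C as an added example that is not code from the thread: every slot carries a lock value that changes on free, and a handle is only honoured while its key still matches. The fixed-size pool and the names `h_alloc`, `h_deref` and `h_free` are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS 4
#define SLOT_SIZE 32

/* A handle is a slot index plus the "key" issued at allocation time. */
typedef struct { uint32_t index; uint32_t key; } handle;

static struct {
    uint32_t lock;                 /* bumped on every free */
    int in_use;
    unsigned char data[SLOT_SIZE];
} pool[SLOTS];

handle h_alloc(void) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            memset(pool[i].data, 0, SLOT_SIZE);  /* never hand out old contents */
            return (handle){ i, pool[i].lock };
        }
    }
    return (handle){ SLOTS, 0 };   /* out of range, so h_deref rejects it */
}

/* Returns the block, or NULL if the handle is stale or out of range. */
void *h_deref(handle h) {
    if (h.index >= SLOTS || !pool[h.index].in_use) return NULL;
    if (pool[h.index].lock != h.key) return NULL;
    return pool[h.index].data;
}

int h_free(handle h) {
    if (h_deref(h) == NULL) return -1;  /* stale handle or double free */
    pool[h.index].in_use = 0;
    pool[h.index].lock++;               /* invalidates every copy of h */
    return 0;
}

/* Constructed scenario: A frees but keeps its handle, B reuses the slot. */
int stale_handle_rejected(void) {
    handle a = h_alloc();
    h_free(a);
    handle b = h_alloc();               /* lands in a's old slot */
    strcpy(h_deref(b), "secret");
    return a.index == b.index && h_deref(a) == NULL && h_deref(b) != NULL;
}

int main(void) { return stale_handle_rejected() ? 0 : 1; }
```

The check only holds while all access goes through `h_deref`, and a 32-bit lock wraps after 2^32 frees of the same slot, so a production scheme would need a wider counter or slot retirement.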

Comment Re:Fine by me (Score 1) 665

The LDS church has changed a lot since its inception, and is actually a pretty good case study on cults versus religions, given that it has grown from nothing to where it is now all in modern times. It, like many (most? all?) religions*, started as a cult (or at least had many cult-like attributes) that were shed slowly, and over some time. At this point, the church really is a full-fledged mainstream religion, but it wasn't always.

* For my purposes, I do not distinguish a religion from denomination or other subpart.

Comment Re:Amazing. (Score 1) 209

Yes and No. If I want to have a program that I pass SQL queries to and it returns either safe or unsafe that is not a computable problem. There is no way to tell if a query is good or bad without context. That being said there are things like prepared statements that give the statements context, that is explicitly stating which parts of the query are control statements and which are data.

In a simple system you are correct but in a system of even moderate complexity telling if code is vulnerable to SQL injection becomes non-trivial. When you have to dig through 5 levels of inheritance several times to hunt down all the places where the query is actually formed it's not all that simple.

Perl taint mode. Sure, it is conservative, but if taint is complex enough that it does work, then I wouldn't trust a person to get it right with 100% accuracy.

Comment Re:This is utterly non-news! (Score 1) 323

they didn't abuse him or violate his rights.

They detained him without cause. He had done nothing wrong.

These are not necessarily coextensive. Just because you have done nothing wrong does not mean that any detainment is without cause. If I have a bloody knife and am standing next to a guy that has just been murdered, then there is cause to detain me, even if I have done nothing wrong. One method that some criminals use to avoid detection is the removal of fingerprints. To lack fingerprints could be considered cause.

Having said that, I wish to note that I am not commenting on whether what happened was appropriate or not, as I do not feel that there was enough information given in TFA.

Comment Re:Technology-determined guilt or innocence (Score 1) 323

It's similar to the situation with breathalyzers where if the machine beeps or not can be the difference between you going to jail or driving home. Our judges have been replaced by robotic imposters, and I imagine it will get worse in the future.

Except with breath analyzers you do not have to take it, and can request a real test at the station, before they can decide to jail you.

Comment Re:How Old Is My Crap: Mac ][ci (Score 1) 622

A used IIci was my first computer. However, I later picked up an SE (circa 1987) which will run all the old games, like Lode Runner and Dark Castle, that we had from our 512KE (now a fishtank). And those games require system 6 (7 causes crashes). Do you know how fast a computer running system 6 on a hard drive boots? How about under 10 seconds?
