
Comment: Re:Not true at all (Score 1) 445

by aaaaaaargh! (#46726465) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

I do somewhat disagree with the "insightful" moderation of your post, but also don't care, because I'm not coming to /. very often. Anyway, I feel the need to make a few corrections, since most of what you write about Ada is misleading:

1. It's written "Ada" not "ADA". (The language is named after the first name of Ada Lovelace.)

2. Nobody has ever claimed that Ada is a "magic bullet", especially not people who program in Ada. ;-) Ada has its quirks and many annoying features and if you head to comp.lang.ada and ask the (few) people there whether you should use it for project X, they will give you some fairly honest and reasonable assessment - I've seen the answer "not really" come up whenever that makes sense. (Ada seems to be overkill for traditional end-user GUI applications, for example.)

3. There is no reason to believe that programming a library in Ada would make it obsolete, as long as a proper interface to C is provided - which is very easy. I readily admit that there are problems with the licensing of the GNAT runtime system, though, as it is GPL or MGPL only.

4. Ada source code is always more readable than C source code, provided that you know both languages equally well, of course.

5. Ada can, of course, create libraries with parameter passing conventions compatible with C and callable from C. (To get all benefits of Ada you need a small runtime system, though.)

6. Programming in Ada does not take more time than programming in C. (Actual measurements have indicated the opposite, but let's not get into such details which are always contestable. Let's just say that Ada and C are both on the slow side of the range.)

7. Ada and Spark were merely meant as examples, but ones I know well enough to be sure about the example.

8. I'm not claiming that C cannot be used safely, but only after an extensive and expensive validation phase (using automatized tools and code review), and for that reason alone it should never be the #1 choice for safety and security critical applications.

I agree with you that many people who talk about a "safe" language have "managed" languages with automated garbage collection in mind, but that many of these languages are not safe at all, nor is dynamic memory allocation a desirable feature in that context. But 30 years' experience or not, your claim that security does not hinge on the choice of language is just not true. The language and its implementation (+compiler test suites and validation) are an important part of the overall security and safety. So are management, validation and testing tools, the skills of the programmers, etc., of course.

Comment: Re:If you make this a proof of God... (Score 1) 594

No human could write out a literal blow-by-blow history of the Universe and no human could ever read such an accounting.

Why not? At least you should try to give some reasons!

He would obviously need to give an allegorical account of what happened in the past and not a literal one.

Obviously? Again, care to give any reasons? Why allegorical? It's not at all obvious, especially since shortened != allegorical, concise != allegorical, abstract != allegorical, and so forth. Why should a god dictate to us the history of the universe and additionally shroud it in mystery up to about the highest level possible? It makes no sense!

We're in the 21st century and you are still figuring out ways how to interpret phrases like "women were really created by a rib surgically removed from the first man" along the lines of "people should act this way" (what way? like spare ribs?)? No offense, but you "modern, moderate, feelgood" Christians really make me shake my head.

Comment: Not true at all (Score 1) 445

by aaaaaaargh! (#46723259) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

You're right that skills are very important, of course, but the language matters a lot. OpenSSL would have far fewer bugs if it had been written in Ada with critical sections in Spark and some formal validation, for example.

There is no perfect programming language for all purposes and languages are more or less suited for different purposes. Beware the language aficionado who has an excuse for every deficiency of his favorite language ...

Comment: Re:Tip from a programmer (Score 1) 78

by aaaaaaargh! (#46608863) Attached to: FTC Settles With Sites Over SSL Lies

How do you know that? Clairvoyance?

For all we know by now it's possible and not implausible to assume that MITM attacks are conducted routinely by various intelligence agencies across the world. SSL is broken. You should not rely solely on CAs anymore. Use physically delivered security tokens (such as encrypted random data on a USB stick) and/or the trust model of ssh instead.

Comment: Re:The issue is not about compliance with the law (Score 1) 94

by aaaaaaargh! (#46566185) Attached to: Turkish Finance Minister Defends Twitter Ban

Now, what makes the US laws better than the Turkish laws?

Answer: The fact that US law doesn't allow for censoring of the views of political opponents by the government, whereas new Turkish laws have just provided the means for that.

Moreover: Court decisions are not always taken in a democratic way, you are mixing up jurisdiction with legislation. And not all laws that get passed by the legislative in every country are democratic either. Laws themselves are only democratic if they are based on democratic principles. Finally, censorship is not a relative concept. There are different degrees of censorship in different countries that can be measured quite easily.
