Posts by Robot W

Re: I must be a bit thick

For safe languages, at compile time, the compiler will either warn, or refuse to compile if the code is obviously incorrect or exhibits unexpected non-deterministic behaviour.

For quite a few of these languages, if the algorithm is fairly short/simple, perhaps say 30 lines or so, then there is a good chance that if it compiles then it is also correct.

But when you take an unsafe language like C, the programmer doesn't get those checks (although linters can help). The programmer *might* want to:

- read that uninitialized memory (maybe because they mistakenly believe that will inject some randomness)

- read the entry just before or after the array end.

- convert that pointer to a struct to a pointer to an Integer instead (I can't recall if the C standard mandates the structure layout, or if this is also not deteministic)

- concurrently modify that block of memory that it actually allocated and used by another part of the program (e.g., as a broken effort to signal some completion between threads)

- free that memory, but keep using it/accessing it anyway (perhaps they can just share it with another part of the program).

C gives you great power by very easily allowing you to achieve all of these things. Sometimes this may be want you want to achieve, but probably 99% of the time, this isn't what you want to do, and if you really do want to do that (e.g., memory map some hardware registers) it would be better to explicitly call that out in the code rather than just make it the assumed default behaviour.

I also often see the argument that smart people can be trained to write safe C code if they are good programmers, however there is statistical evidence that this is simply not the case, even the very best programmers make mistakes, and those mistakes can be very costly in the amount of time and effort it take to debug them, and also the cost to the poor person or organization that experiences the error. Errors that a safer language prevents you from ever making.

I've also only mostly listed some of the simple common issues in languages like C, as soon as you start trying to write and debug concurrent code your problems get magnified.

So, given the choice, I strongly prefer writing in a safe language, because more of my time and energy can go into solving the problem, and less time is spent trying to think about array bounds when compilers can reliably do that for you with no effort, and minimal runtime cost.

Re: Won't happen in my lifetime

Its unclear what you think won't happen in your lifetime:

If the question is whether IPv4 will be turned off and not used anywhere then that seems unlikely.

If the question is whether the majority of public internet traffic runs over IPv6, then I suspect that is quite likely to happen over the next 10 years.

If you look at Google's IPv6 traffic over the last 10 years then it has gone from 0.4% in Jan 2012 to approx 36-38% in Jan 2022. Perhaps further growth will be slower, but it still seems likely that in 10 years time we will be at 65-70+% of Internet traffic reaching Google being over IPv6.

In terms of IETF, they work by rough consensus, so it would need an individual to submit a draft that states that IPv6 is a failure and that the IETF should work on an alternative internet protocol instead. Several individuals have tried (and some entities are trying to build "NewIP") but so far they seem to be a long way from gathering the sort of consensus that they would need to progress that work within the IETF, partly because it isn't clear what they are really trying to build or what problem they are really trying to solve.

Re: How is this possible?

I doubt that the mistake here was that the coder didn't know that they should be doing bounds checking.

The problem here is that:

(1) It is hard to to always get it right every single time.

(2) It is hard for a reviewer to easily spot whether or not the coder got it right. [Noting that nobody had spotted this bug for 10 years in security critical code!]

(3) You only need to get it wrong once and you potentially have a severe security flaw.

Note, there is an assumption that the language doing the bounds checking makes it slower, but it doesn't. It just means that the compiler always puts in the bounds checking code that the programmer should have been writing anyway. I.e. a decent compile will spot that the coder has already checked the bounds and hence it doesn't need to do it a second time.

It is also a fallacy to think that it is only poorly trained, or inexperienced, programmers that get this wrong, or folks that aren't smart enough. Everyone gets these sorts of things wrong at some point, the only difference is how often they make the mistake, and whether they find and mitigate the bug before attackers do. Otherwise the penalty is the same in all cases - your code is no longer secure, all for an issue that compilers can trivially get right for the coder.

Re: Definitely of Interest

Exactly. Because there is no market need to ship a 16 core part at this time.

It also allows them to release the 12 core part at $499 now, which also allows them to release a 16 core part at a slightly higher price later, perhaps $599.

Re: "IPv4-only hosts are unreachable without either a dual stack or an address translator"

My impression is that most (perhaps all) of the alternative ways to solve the IPv4 upgrade problem have been discussed extensively in IETF over the last decade or so. I'm pretty sure that your suggestion has been considered and already discarded for technical reasons, maybe because it has to retain a global routing table that is bloated with all the v4 entries.

Re: Highly amusing to the cognosenti but utterly baffling to the rest of us.

I think that Functional Programming means different things to different people. I don't go in for the really abstract stuff.

As someone who has 20+ years of successfully writing professional C in embedded systems, then my view of functional programming is that it is generally a better way to more quickly write programs that are easier to understand and have far fewer problems.

If I try and sum it up in a nutshell, then it feels to me that imperative programming is generally about telling the computer *how* to manipulate some data, but functional programming is more about telling the computer *what* manipulation you want it to perform on the data.

You might think that this makes functional programs really slow, but its speed is comparable to imperative programs, e.g. A reasonable Scala program is generally within 3 times the speed of highly optimised C. And, by highly optimised, I mean that most professional C programmers would not choose to write the code that way, and other programmers needing to maintain it wouldn't be thanking them for it either.

Further, it is also my belief that it makes me a better C programmer because I start to think about things in different ways, and I try to write my code differently, so that it doesn't just work today, but so that it will work reliably (even when extended) in 20 years time.

Finally, I see that the best techniques of functional programming are making their way into main stream languages like Java, and the new crop of languages like Swift, Rust, etc are adopting even more functional principals, just because it makes programmers lives easier.

Perhaps google for "Programming in Scala" by Martin Odersky, Lex Spoon, and Bill Venners. The first edition is freely available online, and gives some access into functional programming from one of the people who is very much at the forefront of modern program language design ...