Posts by fg_swe

Bingo

One way to fix Denis' income problem is to put his great work on the CV and apply for a job where his skills can be used. Lots of software engineers do this, myself included.

On the other hand, he could simply turn to the Qt business model and demand payment for all bug fixes and new releases. Maybe that would work, too.

iOS

Indeed iOS is a golden cage, but if you can spring it free (as some people apparently did in the past), it is very much a "little" Unix machine.

Eg. these Unix APPs

https://apps.apple.com/us/app/ftpmanager-ftp-sftp-client/id525959186

https://apps.apple.com/de/app/ftp-server/id346724641

They Wish

Good Old HTML is very much alive. It can be read using NetSurf and other little browsers.

Mind you, it is called World Wide Web, not Elite Controlled Mainframe.

Run your own little server behind your DSL modem and be free from the whims of the oligarchy.

Wife

Also see "Weib" in German, which is very close to Wife. For some reason "Weib" is now derogatory here (Suebi land), but that is a very recent development. So we now use "Frau".

"weiblich" still means "female" and is not derogatory. Well, maybe already on the left coast, they apparently want to cancel Mutter/Mother.

I do think we use too many latin terms already(in English much worse than in German) and that is why I prefer "men" over "human".

Rust vs Ada

I assume most people know the C/Java/C#/C++ Syntax(curly braces and all that) and Rust *looks* closer to what they know, as compared to Ada syntax.

Semantically, Spark Ada definitely looks very interesting.

I am not an Ada guy, but found this: https://www.adacore.com/uploads/techPapers/Safe-Dynamic-Memory-Management-in-Ada-and-SPARK.pdf

Please also look here for a POSIX compliant OS in Ada: https://marte.unican.es/

The short answer is that Rust is safer than traditional Ada. They did not have safe heap deallocation.

Indeed

From my experience with memory-safe languages I can support "Applications written in it are unequivocally stable". The undefined behaviour of the C and C++ languages has real-world effects such as mysterious crashes and other mysterious "behaviour". Memory safety brings real improvements in terms of reliability, safety and security.

Apparently, each true and factual statement gets some heavy downvoting here. I now take it as a badge of honor to get heavy downvoting.

Not Missing Windows Either

I use Linux and MacOS. The latter is a Unix with very nice GUI, ergonomics and comes with a nice Apple office package. Compilers I can get from brew and the bash command line feels like any other Unix.

OpenOffice and Linux in general does not look as polished, but certainly does the job, too.

Buy a Linux computer from a Linux vendor, if you don't want to spend many hours driver-hunting/compiling.

Only the business folks *think* that they need Windows+Office.

Still Is

MacOS, iOS, Android, FreeBSD, OpenBSD.

If Linus turns nuts tomorrow, we will simply switch to them.

Well

It is good to know how to systemically fix the challenges of Big Kernels.

Men

I was told that "man" and "men" has always been used as "Mensch" in German. If that offends COMINTERN tools, even better.

So ?

Lazy people hate the hard-working, hard-learning ?

You are free to stop using the inventions of Europeans. Have fun with the horse carriage and don't use any food from artificial

fertilizer(invented by the bad, bad Kaiser Wilhelm Institute). That would be "cultural appropriation". Also, have fun with the Abacus, as Zuse and Turing invented the digital computer.

Likewise, transistors are the evil work of the white men of AT&T. You can always use Smoke Signs, but never with digital signaling. Don't appropriate the work of Boole !

And when you hurt yourself, don't dare to use Penicillin.

US Neighbours

Both Canada and Mexico are on very friendly terms with the U.S. Strong economic partnership. There has been belligerence with latin America decades ago and it yielded not many good relations.

Cuba, Nicaragua and Venezuela are the exception from the rule. And all of them suffer from HUNGER, as far as I can fathom here. Communism at its worst.

Granted, there are loads of lazy and entitled commies throughout latin America, but most nations have very good relations with America. Brazil, Chile, Argentina, Colombia, Mexico and many small ones.

"Tough Nut"

Your assumption just shows the lack of people skills of computer folks like us. Do you really think the British, the Americans, the Germans will send a Bond-style white guy to China ? Complete with an shiny Aston-Martin and a $30000 Rolex ?

No, they will recruit a Chinese engineer/scientist working in South Korea or Japan. This man will travel between mainland and SK or JP on a regular basis. He can bring the goods with him on a Flash chip stuck into his gumshoes. Also, the guy will look like a moderately well-off Chinese man, just like engineers do.

Now, that's my imagination, the Oxford-educated and SIS-trained officers of SIS have much better knowledge how to do this. They robbed the Russians blind, they will do the same with China.

Ukraine

It's all a great tragedy, brothers killing brothers. And a competition of two power centers, the Russian and the English speaking power centers. With a bit of imagination you could say "two Viking powers duking it out".

https://en.wikipedia.org/wiki/Kievan_Rus%27

https://www.history.org.uk/primary/resource/3867/the-vikings-in-britain-a-brief-history

If the English and the Americans only knew how much they have in common with the Rus, maybe they could find a way to talk to each other and find a truce...

Covid Corruption

Indeed a big problem. Many people in the US, Germany, the UK and many other nations have been fighting this corruption. Check General Flynn, if you want a high profile antagonist.

In China, they locked up their people like cattle as part of the C thing.

If General Flynn were Chinese, he would have disappeared in a Gulag or worse.

Now, can you see the difference ? Fixable Corruption vs. Total Corruption.

I have been on the street protesting the craze, what have you done ?

Re: Well Done

Let's just call it a big misunderstanding. Your moral arguments have been lost when PUTIN brought arab migrants to the Polish Border and proceeded to threaten to burn down major cities.

We know your playbook.

Re: A Vital Expense for the Practical Supply of Virtually Nothing ..... Profit’s Big Brother

These corporations and their scientific basis only exist because of the rule of law, security and decency provided by the states they operate in. In communism, any independent thought will be destroyed by the secret police, if their paranoia deems it necessary.

See this

https://de.wikipedia.org/wiki/Werner_Hartmann_(Physiker)#1965%E2%80%931974:_das_Mikroelektronik-Jahrzehnt

Essentially, the GDR leadership thought they could steal the designs of the west, without understanding of the technology. The rationality of robbers.

(Google Translate can give you an english version)

Technology and science is based on questions, honesty and independent thought.

If Russia and China want to become science and technology centers, they are free to dump their communist attitudes. They are free to value their best minds instead of killing, incarcerating and jailing them. Eventually, their own workers, technicians, engineers and scientists will give them a top notch semiconductor industry.

"Crypto Protection"

You possibly think that your crypto layer protects the code which displays the plaintext (text, audio, video, HTML, GIF, whatever). This is a dangerous assumption, as one of your communication partners could be captured, be a mole or be hacked.

Then a properly ciphered data stream, containing an exploit, could enter your "display code".

I assume this is a theoretical threat for you, but this is not true for all users. See

https://en.wikipedia.org/wiki/Operation_Vengeance

https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince

https://de.wikipedia.org/wiki/Hans-Thilo_Schmidt

Mysterious

"real problems lie in thread / hardware module interactions"

I have been using pthread threads, mutexes, semaphores and never had such mysterious problems. Works nicely on SPARC, Intel x86, AMD x86, Apple M1, PowerPC, Elbrus, HP PA. OSs Windows, Linux, Solaris, HP-UX, xBSD, MacOS 11.

Can you post an example of your problems ?

Why C and C++ Cannot Be Memory Safe

I have written it down here:

http://sappeur.ddnss.de/WhyCandCppCannotBeMemorySafe.html

Re: Nuanced Approach

Maybe this particular setup is "secure" because "no potential attacker knows the email adresses".

Maybe not and the attacker will send a crafted message, which exploits a bug in your crypto endpoints. This will become likely, as soon as you have lots of users and one of them is hacked. And of course, if you are an interesting target. Finance, politics etc.

Why do you use gmail as the "router" ? Why not your own little TCP based router program ? That would cut google out of the picture. Whitelist the allowed IP addresses as a Defence In Depth.

High Security ?

Recently an exploitable bug in GNUpg was found. This bug could have exfiltrated the Secret Key of the attacked party. So it might indeed make sense to run programs under valgrind control.

Silent Subversion

The real threat are the undiscovered bugs, also in YOUR code, which will be exploited by a cybernetic attacker over the network or other channels. If the attacker is an expert, you and your users will never even notice the subversion.

E.g. https://www.theguardian.com/world/2022/apr/05/apple-iphone-pegasus-spyware-nso-group-israel-jordan

Ariane V, First Flight

At that time, HIL Tests were not a thing. The lack of HIL cost them the aircraft and the payload. Damage $500 000 000.

Re: Impossible

6.) No concept of enforcing the use of Smart Pointers. This results in lots of use-after-free and use-before-initialized errors. Most of them exploitable by cybernetic attackers.

Throwing C and C++ In One Basket

In terms of lacking Memory Safety, they have indeed similar or identicaly problems. Lots of "undefined" behaviour, which all create Memory Cancer and can typically be exploited by cybernetic attackers.

Inefficient Memory Safe C and C++ Programs

$ valgrind ./unsafe_c_program

This will resut in a memory safe program execution at a penalty of 100 times more runtime cost. But it will detect all memory errors. Due to the slow execution, some bugs will be completely masked and appear to not exist (especially the multithreading bugs). With Rust or Sappeur the penalty will be in the order to 1.5 to 5(e.g. matrix multiplication).

Impossible

"C++ people should strive to achieve memory safety ".

There are very basic reasons, why this cannot be achieved efficiently:

1.) No concept of thread-local and thread-global data in the type system. This creates inefficiencies (any smartpointer must be threadsafe ?) and dangerous race conditions, which can destroy the heap and thereby the entire process.

2.) No automatic detection of raw arrays, raw pointers or vector::operator[](). All of which is a potential memory bug.

3.) No concept of detecting "pointer in the heap pointing to the stack".

4.) No concept of avoiding crazy casts such as

int x;

RadarTrace* radarPtr = RadarTrace*(x);

5.) Not standard way of stopping a stack overflow before it damages other modules.

Wrong

Even the most educated, capable and seasoned software engineers are under economic pressure to "deliver something working". That implies bugs. Example: The widely used Yacc compiler generator had a bug, which resided for more than 30 years undetected. There is no such man as a "perfect software engineer", but only various levels of "fallible".

That includes core software components for embedded systems. It also includes Boeing Co, who killed 250 people in a rookie software conception mistake("737 MCAS").

FALSE

1.) All Turing-complete languages, including Rust, can be used to write a compiler for compiling the language itself. Has been done for Pascal, Algol and partially for Rust. Rust uses llvm because the optimizer and code generator of llvm is lots of work to reproduce in Rust.

2.) Many operating systems have been written in non-C languages. E.g. HP MPE (Pascal), ICL 2900 (Algol), Marte(Ada and some C), Oberon(Oberon), ASOS(Ada), Singularity(C#), RedoxOS(Rust).

3.) Ideally, as many parts as possible of a system are realized in strongly typed and memory safe languages. Many popular C based libraries were chock-full of exploitable bugs, including Pcre, OpenSSL, libpoppler, libwget, libcurl and many others.

4.) Finally, memory safety and strong typing are not a Silver Bullet. Software Engineers and Managers still need to have proper requirements, system architecture, scanners, parsers, proper object models and sufficient test cases from unit to system level. For reasons of "economics", testing is often insufficient to the extreme.

Thanks

"because humans are [very] fallible"

This is the key observation. Even the most seasoned and best-educated software engineers will create bugs then and now. It happened to VxWorks, HP-UX, Linux, Windows, Apache, all Office packages, Yacc, Pcre, Flash Player, all sorts of PDF readers, all types of web browsers. In embedded control units(from ABS to software-stabilized jets), bugs will be found in "expert engineer" code by means of static analyzers, unit tests, module tests and system tests. Human error is the norm and must be countered by technological and organizational measures.

Memory Safety and Strong Typing (as opposed to JS, PHP, Python) are two of the most powerful tools to limit and contain the damage from software engineer's error.

Finally, this is not a new observation, Tony HOARE and Niklaus WIRTH have been saying this for decades. Algol Mainframes from ICL/Fujitsu, Lebedev Institute and Unisys have been providing memory-safe execution environments for decades, but they were much pricier than Unix. The cheap approach "won".

Escalation ?

Of course we could escalate:

1.) Take out critical infrastructure deep in Russia, using cruise missiles, stealth.

1.2) Sea blockade of Russia; serious sinking of Russian surface fleet. Submarines must be dealt with, too.

2.) Fight a nasty infantery/tank/missile war in Poland, Baltics

2.2) Conscript men in England, France, Germany, Spain, Italy, USA, Canada to get the required manpower vis a vis Russia's conscription

3.) Absorb quite a few cruise missile hits on London, Berlin, Warsaw and maybe even Paris.

In other words, not as convenient as our childish warmongers want it.

Do YOU want to be conscripted as a MILAN anti tank gunner ? We have would have 200 000 openings TOMORROW.