Comments

Programming Languages You'll Need Next Year (and Beyond)

Forever Wondering Re:So much Fail. Ignore. (309 comments)

And the whole riff about GC. It makes out like it's superior in all cases.

It does mention refcounting as a subset [which perl does just fine with]. But, even with GC/refcount, you still have to break cyclic links in a tree (e.g. parent node has a list of children and each child points to its parent) when you're done or it will never GC. Also, sometimes you have to do something explicit to release resources (e.g. files) at a given time, rather than some arbitrary time later.

Further, GC is the bane of anything that must provide a constant semi-realtime response. With refcounting [can be done even in C/C++ if designed that way], you've got a "pay as you go" system [when refcount goes to zero, you free immediately]. With GC, you're "piling up debt" [of reclamation].

I've got a friend who is working on a java based web server system. When GC reclamation [finally] kicks in, the entire system goes "offline" for 35-45 seconds at a clip. He claims that particular system can be ameliorated with better programming practices (e.g. be mindful when a given construct will produce large amounts of GC), but is hard pressed to convince his colleagues of the need to do so.

2 days ago
Linus Torvalds: "GCC 4.9.0 Seems To Be Terminally Broken"

Forever Wondering Re:I know you're trying to be funny, but... (728 comments)

Perhaps. But, if you cared to look at the other posts on the thread, you'd see how calm and rational he was. Or look at the gcc bug report he filed. The gcc bug has gotten fixed.

I've met Linus in the flesh a number of years back and he is truly a calm and mellow guy. He only does the "bullying" for the "shock effect" to get people [with strong egos] to actually start _thinking_.

And there is some precedent for this. A number of years back, gcc was doing an illegal code motion optimization across a spinlock. After literally hundreds of posts on the gcc mailing list about how this wasn't a bug, Linus started using muscle. I would have, too, at that point. When somebody finally pointed out that the optimization was actually violating requirements in the memory model of the [then] upcoming ISO C spec, it took another hundred or so posts before they actually believed one of their own [gcc people].

Since that time, the gcc folks have become more receptive to [rather than dismissive of] bugs filed by the kernel people--which is a good thing.

3 days ago
Ask Slashdot: Linux Login and Resource Management In a Computer Lab?

Forever Wondering Re:Is this all necessary? (98 comments)

$lisp?? Was this on McGill's RAX/Music or BU's RAX/VPS system by any chance?

about a week ago
After NSA Spying Flap, Germany Asks CIA Station Chief to Depart

Forever Wondering Re:I don't blame them for being mad. (219 comments)

But, Germany wants to be part of the "special club" that has been US, GB, Canada, Australia, New Zealand for sharing SIGINT: http://en.wikipedia.org/wiki/U... But, most of those are just part of the UK, and they speak English [more or less :-)], so Germany can never really be "one of the good ole boys" ...

about three weeks ago
The World's Best Living Programmers

Forever Wondering Re:No exhaustive.. (285 comments)

Among its many other uses, QEMU is used as the android developers' simulator.

about three weeks ago
IEEE Spectrum Ranks the Top Programming Languages

Forever Wondering Re:GIGO (197 comments)

I agreed with your original first paragraph [but forgot to mention it--sorry].

We need multiple such ranking lists just like we need multiple style guides. On the latter, some are better than others, but when they all converge on a given point, that's when it's more likely to be a valid concept.

I just looked at the latest tiobe and it appears to better match how I would have [being a programmer] ranked some of the languages. Spectrum will no doubt [have to] tune their methodology, based upon the drumming they're getting in this slashdot topic.

But, comparing languages can be apples/oranges or more like wrench/screwdriver. Although a master index can have benefit, subdividing it by use cases may be better. For example:
- OS/embedded/realtime: C/C++/Obj-C
- Web server backend: perl/Java/php
- sysadmin: perl/python
Even still, there are overlaps/hybrids in these as well.

about three weeks ago
IEEE Spectrum Ranks the Top Programming Languages

Forever Wondering Re:GIGO (197 comments)

In the link they provided explaining how they do their rankings, they mention Google search is one metric and also mention that it's what tiobe uses [with a link to tiobe's page]. They're trying to be more transparent and use multiple metrics vs just one or two. Maybe it's time to have an alternative to tiobe. If both indexes, done with different methodologies, provide similar results, this would tend to bolster the validity of each.

about three weeks ago
Why Software Builds Fail

Forever Wondering Re:Because I'm lazy (279 comments)

Clang warns about bad variable names? I need to switch!

I guess I should have used:
    if (a_simple_boolean_expression_variable.that_is_automatic_scope.and_therefore_on_the_stack);
        yet_another_simple_integer_variable.that_is_automatic.and_likewise_on_the_stack = 5; // set value to five

Or, if you [yikes!] prefer camel hump notation:
    if (aSimpleBooleanExpressionVariable.thatIsAutomaticScope.andThereforeOnTheStack);
        yetAnotherSimpleIntegerVariable.thatIsAutomatic.andLikewiseOnTheStack = 5; // set Value To Five

I can be flexible when needed ...

about a month ago
Supreme Court Rules Against Aereo Streaming Service

Forever Wondering Re:One disturbing bit: (484 comments)

Engineers' Guide to the Supreme Court: They're not smart ...

about a month ago
Why Software Builds Fail

Forever Wondering Re:Because I'm lazy (279 comments)

I prefer the warnings and use -Werror for my code.

However, adding -Werror to a library/whatever that you don't [intend to] control/maintain that has lots of "benign" warnings just causes the headaches that you suggest. But, it leaves the code fragile/open to a bug that the compiler could help with.

But, it's the upstream developer's responsibility to fix the warnings which usually involve less hardship than not fixing them. You never know when it's trivial vs. uncovering a genuine bug. If all the trivial warnings are fixed, it allows more eyes on the problem. If I take over responsibility for a code base, the first thing I will do is fix the warnings [usually takes just a few hours]. By doing so, I've found genuine bugs. Otherwise, these get lost in the noise of the false positive warnings.

Case in point. I had some code that wasn't working. Built clean with gcc using -Wall. Couldn't see it visually despite several goings over. Finally recompiled with clang [thinking it might be an optimizer bug of some sort]. clang has some warnings that are default on with -Wall that gcc doesn't turn on. The code that was wrong, from several thousand lines, and trivial to see by inspection if you're zeroed in:

if (foo);
    bar = 5;

clang flagged this as an "empty if" clause. I've since added the explicit -W option for gcc builds.

about a month ago
Intel To Offer Custom Xeons With Embedded FPGAs For the Data Center

Forever Wondering Re:To help prevent people from buying AMD and nVid (80 comments)

Some workloads perform much better on an FPGA, notably, realtime encoding/compression of HD H.264 video. I know because I've worked on such a broadcast quality encoder [currently being used by some major distribution outlets]. While you're right that it's harder to program an FPGA [in particular, validate the design], the performance gains can be huge. In particular, calculating motion vectors gets a win.

Note that H.264 DCT's are integer ones. And, with Intel's hybrid/onchip implementation, the FPGA logic could have access to the CPU's SIMD FP hardware. With Intel's hafnium and trigate technologies, adding the FPGA won't consume that much additional power.

Also note the benefits for search in an article just published today: http://arstechnica.com/informa...

about a month and a half ago
New OpenSSL Man-in-the-Middle Flaw Affects All Clients

Forever Wondering Re:This is awesome (217 comments)

And the developer that created this bug in 1998 is the same one who created heartbleed. Some people get a lifetime ban for hacking. Do we need a lifetime ban for coding?

about 2 months ago
OpenSSL To Undergo Security Audit, Gets Cash For 2 Developers

Forever Wondering Re:Share and Share Alike (132 comments)

In another comment, I posted a link to the talk that the libreSSL people gave on what they're doing. It's not really true that what they come up with won't run on other platforms. They're just removing a ton of "#if defined(OPENVMS) && (! defined(WIN32))" in favor of assuming a POSIX compliant libc. Even WinX now has that.

They're taking the "shim" approach. For example, they have two BSD-only functions: explicit_bzero [will _not_ be optimized away by the compiler--just calls bzero] and arrayalloc [does what calloc does but does _not_ zero the memory].

The BSD calloc/arrayalloc do a precheck for overflow of nmemb * size.

These are easy [trivial] to implement for non BSD systems:
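#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

// call memset through a volatile pointer so the compiler can't elide the store
static void *(*const volatile memset_ptr)(void *,int,size_t) = memset;

void
explicit_bzero(void *ptr,size_t len)
{
    memset_ptr(ptr,0,len);
}

void *
arrayalloc(size_t nmemb,size_t size)
{
    size_t totsize;
    void *ptr;

    // precheck: would nmemb * size overflow size_t? fail instead of wrapping
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    totsize = nmemb * size;

    ptr = malloc(totsize);

    return ptr;
}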

about 2 months ago
OpenSSL To Undergo Security Audit, Gets Cash For 2 Developers

Forever Wondering Re:OpenSSL and what else. (132 comments)

The OpenBSD folks forked OpenSSL into LibreSSL. In addition to checking security, they are doing general code cleanup, removing unnecessary/dead code. They did a talk recently about what they've accomplished: https://www.youtube.com/watch?...

IMO [as a programmer of 40+ years (30+ with C)], the programming style of the code is horrible. One of the functions that produced heartbleed is called dtls1_process_heartbeat. For starters, it has one of the worst indenting schemes I've seen and seems to violate most style/best practice guides I've read. It isn't surprising that a bug [security or not] would creep in.

Here's the original commit for the code:
http://git.openssl.org/gitweb/...

Here's the commit for the heartbleed fix:
http://git.openssl.org/gitweb/...

about 2 months ago
Why Scientists Are Still Using FORTRAN in 2014

Forever Wondering Re:Q: Why Are Scientists Still Using FORTRAN in 20 (634 comments)

Well, consider that APL was originally based on an [alternate] mathematical notation developed by Kenneth E Iverson.

BTW, I was writing APL programs in 1972 [and I already knew Fortran] ... The real problem with APL, aside from needing an alternate keyboard, was that the equations were so dense that proper commenting was difficult. And, if you did proper commenting, it broke up the equations, defeating the purpose ...

about 3 months ago
Mozilla Offers FCC a Net Neutrality Plan With a Twist

Forever Wondering Re:There's no financial incentive to play fair (123 comments)

The incentive the FCC should be providing is to adopt the European model for the "last mile" [cable]. If Comcast/Verizon can't keep up, any ISP could come in [into the CO literally] and connect directly to the consumer. Thus, ISP's are incentivized to provide good service or somebody else will [and the incumbents lose the customer].

about 3 months ago
Heartbleed Turned Against Cyber Criminals

Forever Wondering Re:NSA: Massively irresponsible/incompetent (50 comments)

If you look at NSA's TAO division [or some others], they specialize in looking for such zero days. They have used many zero days that are a lot harder to find/utilize than this one. They have 30,000 people working for them. Even if only 1,000 are looking for zero days full time, this is a lot of manpower to throw at the problem.

Odds are pretty high that the NSA had, indeed, found the bug. But, they decided they had a shiny new toy for their arsenal. They didn't see the bigger picture that this vulnerability would become so widespread (e.g. not just servers, PC's, etc. but also routers, DSL modems, home routers, ...) that it would compromise systems we depend upon (e.g. secure banking, confidential medical records systems, to name but a few). Even if a few spies/terrorists got tripped up by this, the collateral damage count for this makes the "do not disclose" decision to be the wrong choice. With friends like the NSA, who needs saboteurs ...

Some of the FOSS is high quality indeed [I've even written some ;-)]. But, it's either Linux/BSD kernel, or where the code is contributed by paid employees of a given company (e.g. the Linux USB 3.0 driver is first rate, because it was written by a woman at Intel who is their point person for USB 3.0). Other FOSS is written by fresh grads who need/want street cred in order to get their first programming job. And some FOSS gets taken over by a small group with a "vision" [cult] that refuses to take suggestions/criticism, like Gnome 3, and gets train wrecked in the process.

YMMV ...

about 3 months ago
Heartbleed Turned Against Cyber Criminals

Forever Wondering Re:NSA: Massively irresponsible/incompetent (50 comments)

I don't expect all code to be bug free. I'm a programmer with 40+ years experience. I looked at the patch diffs, direct from the upstream repo. The bug was missing a simple bounds check on the length of a payload. Sorry to say, but, the original code, stylistically, was newbie quality. If I had been the reviewer, I would have required that it be cleaned up [not even looking for a vuln]. Doing so might have made the bug easier to see [and may have prevented the bloodshed].

Anybody [like the NSA] that looks for zero-days would/should have found it with a simple code inspection. Compared to a flaw in one of the math algorithms in SSL, this was low hanging fruit indeed.

And ... When the new feature was added, where was the unit test program for it? Consider that on CPAN, the average perl module has some 20-30 acceptance tests that run each time the module gets rebuilt. I add such tests to my code all the time.

about 3 months ago
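
The payload-length bounds check and the kind of unit test the comment above asks about, as an added example that is not part of the original comment and is not OpenSSL's code. The record layout follows RFC 6520; `hb_build_response` and `hb_make_record` are hypothetical names, and the records are constructed test data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request message type (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response message type */
#define HB_MIN_PAD  16  /* minimum padding length required by the RFC */

/*
 * Record layout: type (1) | payload_length (2, big endian) | payload | padding.
 * Returns the response length, or 0 when the record must be silently discarded.
 */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    size_t claimed, need;

    if (rec_len < 3 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    claimed = ((size_t)rec[1] << 8) | rec[2];   /* sender-controlled field */
    need = 3 + claimed + HB_MIN_PAD;
    if (need > rec_len)     /* claimed payload must fit in what was received */
        return 0;
    if (need > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);          /* only bytes actually received */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);   /* real code uses random padding */
    return need;
}

/* Constructed test record: the claimed length may differ from the real payload. */
size_t hb_make_record(uint8_t *rec, uint16_t claimed, size_t actual)
{
    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)(claimed >> 8);
    rec[2] = (uint8_t)(claimed & 0xff);
    memset(rec + 3, 'A', actual);
    memset(rec + 3 + actual, 0, HB_MIN_PAD);
    return 3 + actual + HB_MIN_PAD;
}

int main(void)
{
    uint8_t rec[64], out[64];
    size_t n = hb_make_record(rec, 0x4000, 4);  /* claims 16 KiB, carries 4 bytes */
    return hb_build_response(rec, n, out, sizeof out) == 0 ? 0 : 1;
}
```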

Submissions

Forever Wondering hasn't submitted any stories.

Journals

Forever Wondering has no journal entries.
