SoylentNews is people
SoylentNews
https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/
A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.
[...] Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.
(Score: 2) by tangomargarine on Tuesday April 10 2018, @04:24PM (5 children)
I've been under the impression that C++ is one of the most consistent languages you can find anywhere. Whether you *understand* or *agree with* why it does stuff a certain way is another thing.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Tuesday April 10 2018, @06:43PM
(Score: 2) by PiMuNu on Tuesday April 10 2018, @08:26PM (3 children)
Well, what does consistency really mean? I argue that it means doing what it does with the smallest possible number of syntactical exceptions/keywords/junk to remember (shannon entropy anyone?). C++ has absolutely tonnes of magic keywords and weird exceptions. I highlighted a few in GP. I found a list of keywords here for C++ (about 100 reserved words):
http://en.cppreference.com/w/cpp/keyword [cppreference.com]
Compare with python (about 40 reserved words):
https://www.programiz.com/python-programming/keyword-list [programiz.com]
and java (about 50 reserved words):
https://docs.oracle.com/javase/tutorial/java/nutsandbolts/_keywords.html [oracle.com]
Not definitive, but gives a feel for how complex the language is.
(Score: 2) by tangomargarine on Tuesday April 10 2018, @08:48PM (2 children)
"Fewest keywords" seems like a somewhat odd hill to make your stand on, but okay I guess. Fewer keywords is what I'd call more simple, not more consistent, though I can kind of see where you're coming from.
Python was explicitly designed (6 years later) to be elegant, and has things that it can't do that C++ can. From what I've read, Java would be more streamlined still if they had designed generics into it from the get-go instead of 1.2. But again, there's a lot of stuff Java can't do because of the JVM. So yes, naturally Python and Java will be simpler than C++. Kind of a tautology.
Erm...okay bleeding from the eyes now after looking that up and not sure what your point is. It sounds like you're arguing from a standpoint of which language is more "beautiful" than which, rather than the principle of least surprise.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by PiMuNu on Tuesday April 10 2018, @08:59PM (1 child)
Can you think of a better estimator of "easiest syntax"?
(Score: 2) by tangomargarine on Tuesday April 10 2018, @09:44PM
We weren't talking about "easiest." The original term was "most consistent," which ironically we are very lacking in this conversation.
I would generally agree that Java/Python are easier and more elegant to use. You want C++ for large, complex projects, that you want to be efficient and maintainable || embedded programming. Or at least that's my impression.
Mostly I'd contrast C++ with Ruby and JavaScript. I really don't like duck typing. Just the ideas of not being able to figure out what sort of data a variable holds from a glance at the code, having no compile-time checking--the only way to tell whether your code works is to run it--make me feel nervous and icky. Stuff like this [destroyallsoftware.com] just bends my principle of least astonishment over a chair and fucks it senseless.
Personally I think it would even be a better idea to teach students Ada than C++ as their first language (no, stop laughing! :) because it forces you to think in terms of diligent consistency. Programming isn't something you can just wildly chuck at a wall and hope for the best with. And I found my crash course in assembly pretty informative as to explaining why we do fundamental things certain ways in programming.
Still not sure whether I really like C++. I was doing a year of unit testing in it in 2016, and wrestling with the compiler output was a constant struggle. It would never outright lie but it usually seemed to be doing its best to mislead me as to what the problem was. Forget to initialize a member of a structure and it spits out some cryptic thing about memory alignment difficulties. Once you got into the right line of thinking about it, it usually made some perverse sort of sense, though. And C++ doesn't try to hide the fact that it's using pointers like Java. And you can specify how to pass parameters! Just being able to tell the code exactly what you want it to do is nice sometimes. No "Java is pass by value...except the value is the reference...except for primitives" mindtwisters.
I'm doing mostly JavaScript now, but prefer Java (CLI) or C# (GUI) for personal projects. Just going to trail off now. I'm 28 so that's my $0.02.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"