SoylentNews is people

posted by chromas on Monday April 09 2018, @06:12PM
from the (unsigned int) dept.

https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/

A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.

[...] Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.



This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Funny) by DannyB on Monday April 09 2018, @06:19PM (1 child)

    by DannyB (5839) Subscriber Badge on Monday April 09 2018, @06:19PM (#664579) Journal

    Microsoft wishes to assure you that this will be patched within 24 months or less. Nothing to be concerned about.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
    • (Score: 4, Touché) by tftp on Monday April 09 2018, @09:00PM

      by tftp (806) on Monday April 09 2018, @09:00PM (#664673) Homepage
      Or -24 months, if you wish.
  • (Score: 2) by turgid on Monday April 09 2018, @06:28PM (5 children)

    by turgid (4318) Subscriber Badge on Monday April 09 2018, @06:28PM (#664586) Journal
    • (Score: 5, Insightful) by maxwell demon on Monday April 09 2018, @06:32PM (4 children)

      by maxwell demon (1608) on Monday April 09 2018, @06:32PM (#664589) Journal

      I bet the change was done purely in order to conform to some internal Microsoft coding standard. And probably that “simple” task was given to an inexperienced programmer …

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 3, Touché) by Runaway1956 on Monday April 09 2018, @07:39PM

        by Runaway1956 (2926) Subscriber Badge on Monday April 09 2018, @07:39PM (#664624) Journal

        "And probably that “simple” task was given to an inexperienced janitor …"

        FTFY :^)

      • (Score: 4, Insightful) by turgid on Monday April 09 2018, @07:55PM (2 children)

        by turgid (4318) Subscriber Badge on Monday April 09 2018, @07:55PM (#664634) Journal

        I'm surprised that didn't involve rewriting it as an Excel macro...

        • (Score: 2) by Freeman on Monday April 09 2018, @08:41PM

          by Freeman (732) on Monday April 09 2018, @08:41PM (#664662) Journal

          That we've been told about anyway.

          --
          Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
        • (Score: 1) by DECbot on Monday April 09 2018, @11:58PM

          by DECbot (832) on Monday April 09 2018, @11:58PM (#664745) Journal

          My guess is this was the abstraction layer that ported rar file format to something VB could use, and thus making it available to Office macros.
           
          Makes sense to me. Put a bunch of filenames in a worksheet in Excel, press a button and out spits a rar file containing all the files listed in the worksheet. Who needs properly working pipes and bash one-liners, we've got ctrl+c, ctrl+v, and macros!

          --
          cats~$ sudo chown -R us /home/base
  • (Score: 5, Informative) by Anonymous Coward on Monday April 09 2018, @06:32PM (25 children)

    by Anonymous Coward on Monday April 09 2018, @06:32PM (#664591)

    The TechRights staff had some comments in their quasi-daily news digest April 5 [techrights.org]

    Pseudo-Open Source (Openwashing)

    They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender [googleusercontent.com] [Ed: Microsoft puts back doors in all the things, but when it uses FOSS and breaks it it then calls FOSS a security problem. Most of the media (about a dozen articles) did not use this to FUD from the FOSS angle.]

    Old open source bug exposes Windows 10 PCs to hack via Windows Defender antivirus [archive.org] [Ed: Liam Tung found a way to promote Vista 10 while badmouthing FOSS (which Vista 10 is not)]

    -- OriginalOwner_ [soylentnews.org]

    • (Score: 2) by turgid on Monday April 09 2018, @07:54PM (18 children)

      by turgid (4318) Subscriber Badge on Monday April 09 2018, @07:54PM (#664633) Journal

      I suppose you have to add value somehow. I mean, that "free love" long-haired hippy stuff is great and all but serious corporations with shareholders and PHBs and everything need a reason to keep selling new versions and fixes.

      • (Score: 4, Insightful) by DannyB on Monday April 09 2018, @08:18PM (8 children)

        by DannyB (5839) Subscriber Badge on Monday April 09 2018, @08:18PM (#664647) Journal

        Serious corporations can add value. They can satisfy shareholders, PHBs, and keep selling new versions and fixes -- along with services.

        And they don't have to badmouth FOSS or create FUD to do so.

        Red Hat is one example.

        There are also plenty of big companies that incorporate FOSS code into their products. If they manage to create a security hole in the process . . .

        > That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.

        In other words, Redmond pulled a fork-and-bork.

        . . . then they don't have to blame FOSS for being insecure, nor do they need to create FUD.

        A serious corporation that wants to have credibility can simply say they forked up.

        solar power is really hot right now

        --
        To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
        • (Score: 2) by turgid on Monday April 09 2018, @08:34PM (2 children)

          by turgid (4318) Subscriber Badge on Monday April 09 2018, @08:34PM (#664659) Journal

          This is Micro-"Linux is an Unamerican cancer"-Soft we're talking about here.

          • (Score: 4, Informative) by DannyB on Monday April 09 2018, @08:53PM (1 child)

            by DannyB (5839) Subscriber Badge on Monday April 09 2018, @08:53PM (#664671) Journal

            It was Ballmer (developers, Developers, DEVELOPERS!!!, I Love This Monopoly!!!) who said that Linux was a Cancer.

            It was Jim Allchin (who was #4 at Microsoft, at that time, long before Vista) who said effectively that Open Source is un-American and we need to educate the legislators to the danger.

            --
            To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
        • (Score: 2) by Bot on Monday April 09 2018, @10:19PM (4 children)

          by Bot (3902) on Monday April 09 2018, @10:19PM (#664716) Journal

          > Red Hat is one example.

          Red Hat engineers, adding value after value, PC fans at full speed
          too much matter always collapses on itself
          welcome, systemd

          --
          Account abandoned.
          • (Score: 4, Touché) by All Your Lawn Are Belong To Us on Monday April 09 2018, @10:39PM (2 children)

            by All Your Lawn Are Belong To Us (6553) on Monday April 09 2018, @10:39PM (#664723) Journal

            Your words not strict form
            Overflow memory blow
            You let bad code in

            --
            This sig for rent.
          • (Score: 3, Informative) by DannyB on Tuesday April 10 2018, @01:09PM

            by DannyB (5839) Subscriber Badge on Tuesday April 10 2018, @01:09PM (#664925) Journal

            > too much matter always collapses on itself

            Only when the matter is made of four fundamental particles.

            Electrons
            Protons
            Neutrons
            Croutons

            --
            To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 2, Insightful) by Anonymous Coward on Monday April 09 2018, @08:26PM (8 children)

        by Anonymous Coward on Monday April 09 2018, @08:26PM (#664653)

        Anyone who's been paying attention is aware of the number of times that anti-virus apps have been exploited.
        That garbage just provides a larger attack surface.

        The proper way to address exploitable code is to fix the security flaws in your code.
        Pasting band-aids all over the outside of your crappy OS is just stupid.

        Hint to OS designers:
        -Start- with a security model; DON'T try to paste "security" onto the side of your thing later in the process.
        N.B. UNIX had one of those in 1973, before MICROS~1 ever got into the OS business (in 1980).

        ...of course, that would mean that Redmond would have to start all over again.
        ...further meaning that there is a high probability that apps that folks have would not be compatible with MICROS~1's new thing.

        -- OriginalOwner_ [soylentnews.org]

        • (Score: 3, Funny) by turgid on Monday April 09 2018, @08:33PM (4 children)

          by turgid (4318) Subscriber Badge on Monday April 09 2018, @08:33PM (#664658) Journal

          Maybe they could dust off the Xenix source code and start hacking? I'm sure someone somewhere must still have a drive that can read 5.25" 360k disks.

          • (Score: 3, Insightful) by Anonymous Coward on Monday April 09 2018, @09:02PM

            by Anonymous Coward on Monday April 09 2018, @09:02PM (#664675)

            One of us is psycho^W psychic.
            I've been thinking about Xenix too.
            MSFT licensed that in 1978, so it's clear that they knew about proper security even before they bought QDOS from Tim Paterson (one T) and rebranded that.

            If MICROS~1 had used UNIX file permissions from the start, that would have taken their (literally and in fact) 2-bit file ATTRIBs up to 9 bits per file.
            Not all that big a price to pay to cure 99 percent of their security problems from the start.

            -- OriginalOwner_ [soylentnews.org]

          • (Score: 1) by anubi on Tuesday April 10 2018, @02:06AM (1 child)

            by anubi (2828) on Tuesday April 10 2018, @02:06AM (#664776) Journal

            Read 5.25 360K floppies? Yup. Surprisingly, I still can do that.

            Still have several dozen disks as well. All old DOS stuff.

            --
            "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
            • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @02:34PM

              by Anonymous Coward on Tuesday April 10 2018, @02:34PM (#664954)

              I can see how you may read 5 of those old disks. But how do you read a quarter disk? :-)

          • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @03:40AM

            by Anonymous Coward on Tuesday April 10 2018, @03:40AM (#664812)

            > I'm sure someone somewhere must still have a drive that can read 5.25" 360k disks.

            Not needed, the images are floating around the net, though somewhat corrupted. I hear there was some "NCommander" dude trying to restore them, though...

            Restoring Xenix 386 2.2.3c, Part 1 [soylentnews.org]
            Xenix 2.2.3c Restoration: No Tools, No Problem (Part 2) [soylentnews.org]
            Xenix 2.2.3c Restoration: Damage Mapping (Part 3) [soylentnews.org]
            Xenix 2.2.3c Restoration: Xrossing The X (Part 4) [soylentnews.org]

        • (Score: 1, Insightful) by Anonymous Coward on Tuesday April 10 2018, @07:37AM (1 child)

          by Anonymous Coward on Tuesday April 10 2018, @07:37AM (#664854)

          NT had a pretty good security model, in theory. The ACL model is a lot more flexible than the unix owner-group-other model. Unfortunately, this also makes it a lot harder to understand, with the result that any permission problem is solved by running everything as Administrator.

          On top of that, NT was a lot closer to being a micro-kernel than any unix outside of Minix, but then they decided that graphics performance was more important than security and stability, and moved the graphics drivers into ring0. And we probably all know that graphics drivers are notoriously hard to get correct.

          • (Score: 0) by Anonymous Coward on Wednesday April 11 2018, @08:35AM

            by Anonymous Coward on Wednesday April 11 2018, @08:35AM (#665291)

            > they decided that graphics performance was more important than security and stability

            "They" being the salesmen who run the company. (It's obviously NOT engineers in charge there).

            Yeah. Allowing user-supplied input into the realm where it can do maximum damage has to be the stupidest thing ever done by a software company.

            Of course, I think we all know that M$ isn't so much a software company as it is an abuse company that sells software as a way of delivering abuse.

            > and moved the graphics drivers into ring0

            Let's not gloss over the specific case of font rendering.
            ...and, just in time, here's El Reg's headline:
            It's April 2018--and Patch Tuesday shows Windows security is still foiled by fiendish fonts [theregister.co.uk]

            -- OriginalOwner_ [soylentnews.org]

        • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @06:54PM

          by Anonymous Coward on Tuesday April 10 2018, @06:54PM (#665062)
          Microsoft and other AV vendors keep providing examples of why real-time AV on production and other important systems is a bad idea.

          The AV problem is actually very similar to the Halting Problem except that with the Halting Problem you get the full code and the inputs but with the AV problem you don't. And they say the Halting Problem is not solvable in general.

          Perhaps you can solve the AV problem for specific/popular cases[1] but sandboxing is often a better way of securing stuff. Like "solving" the halting problem by ensuring that all programs halt within a max time limit whether they're written to or not.

          [1] I do use AV as part of "defense in depth". But it's called virustotal and runs on someone else's servers...
    • (Score: 1, Funny) by Anonymous Coward on Monday April 09 2018, @08:31PM (5 children)

      by Anonymous Coward on Monday April 09 2018, @08:31PM (#664656)

      No, the real blame is that RAR was written by a Russian! Yes, Russians! It allowed Russia to hack Windows and tamper with the election making sure Trump won!

      • (Score: 1, Flamebait) by DannyB on Monday April 09 2018, @08:56PM (1 child)

        by DannyB (5839) Subscriber Badge on Monday April 09 2018, @08:56PM (#664672) Journal

        Not Windows. It was Zuckerbooger's Facegrabber (like in Alien) that allowed the Russians to elect Trump.

        --
        To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
        • (Score: 3, Insightful) by Bot on Monday April 09 2018, @10:38PM

          by Bot (3902) on Monday April 09 2018, @10:38PM (#664721) Journal

          Why did they elect a friend of Israel enemy of Syria allied of themselves? Must be one of those Russian loooong games. Let me sift through some historical surveillance logs...

          - Sir, we are ready
          - OK then, let's pick the next president
          - Here, behold the candidates
          - ....Wew ladski... can't we have Obama elected one more time?
          - No sir, it's illegal in America
          - I know, I was kidding.
          - Oh, you got me, sir.
          - So... any of them in bed with Israel?
          - haha sir, I am not falling for it again, of course they are.

          --
          Account abandoned.
      • (Score: 2) by Thexalon on Tuesday April 10 2018, @01:45AM (2 children)

        by Thexalon (636) on Tuesday April 10 2018, @01:45AM (#664767)

        No, it's all a false flag by GNU, organized by Richard Stallman himself, to try to convince the public to ban RAR in favor of tar.bz2.

        Fnord.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
        • (Score: 1) by anubi on Tuesday April 10 2018, @02:12AM

          by anubi (2828) on Tuesday April 10 2018, @02:12AM (#664779) Journal

          All this time, I thought old Phil Katz, originator of PKZIP, had by far the most elegant solution to file compression.

          And thought this "DriveSpace" brought into DOS6.22 was pure unadulterated crap.

          Sure would have liked to have seen DOS 6.22 had "ZipFolders" instead. So the filesystem would see a .ZIP file as a folder. With the tradeoff being opening the folder took RAM and time.

          It would have taken file organization to a whole new level when an entire folder would have been neatly packaged as one file.

          Yes, we have the equivalent now... but it's something I sure could have used back then.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
        • (Score: 2) by tangomargarine on Tuesday April 10 2018, @04:26PM

          by tangomargarine (667) on Tuesday April 10 2018, @04:26PM (#665010)

          Nice try, but Bzip2 is BSD-licensed. Obviously RMS would advocate the use of gzip, which is GPL...and, y'know, part of that whole GNU project that is sort of his life's work.

          Hand in your nerd card on the way out.

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 1, Interesting) by Anonymous Coward on Monday April 09 2018, @08:22PM (25 children)

    by Anonymous Coward on Monday April 09 2018, @08:22PM (#664649)

    So we are sitting in front of machines that are a bajilianty times more powerful than a 1970s pocket calculator and somehow moving a few differently sized numbers around somehow trips things up in a way that not only crashes a program but also instantly opens the door for all teh ebil hackers.

    Perhaps the real problem is these crappy cryptic convoluted C style programming languages that allow this to be a problem in the first place.

    • (Score: 5, Informative) by Anonymous Coward on Monday April 09 2018, @08:25PM (14 children)

      by Anonymous Coward on Monday April 09 2018, @08:25PM (#664651)

      Perhaps the real problem is that people who know very little about software development are paid to develop software. But no, blame the tool for giving programmers 'too much power'.

      • (Score: 3, Funny) by Bot on Monday April 09 2018, @10:51PM (10 children)

        by Bot (3902) on Monday April 09 2018, @10:51PM (#664727) Journal

        Friendly reminder that the ++ in C++ actually symbolizes cemetery crosses.

        --
        Account abandoned.
        • (Score: 2, Informative) by anubi on Tuesday April 10 2018, @02:29AM (9 children)

          by anubi (2828) on Tuesday April 10 2018, @02:29AM (#664785) Journal

          C++, like a power saw, can be used to make really fine work, rapidly.

          It can also make a helluva mess, rapidly.

          C++ has enormous power, as it was designed in an age where it was to be a "one size fits all".

          If you wanted to "expand" C++, you did not even think of using another compiler... nah - you wrote a library of the functions you needed. C++ with libraries of anything special could do anything.

          C++ has pointers. That made it extremely powerful; the only thing more powerful was an assembler.

          And it was a really close call whether or not the C++ compiler would write tighter code than I could in an assembler.

          My favorite was Borland's C++ ver 4.51 for Windows, and ver. 3.0 for DOS, the Windows version also came packaged as "C++ Builder" for Windows.

          The assemblers and compilers were actually given away in the day, as premiums on a CDROM on the cover of "PC Plus" magazine.

          And Borland also released an equivalent Pascal version for Windows... never got too much into that one though. Both +Fravia and Gibson Research used to talk a lot of using Assembler. I could write some really concise code with it. Took forever to write 10K of code, but boy was that code dense. I could do a helluva lot of stuff in 10K of code.

          Incidentally, does anyone still do assembly anymore? That was my prime language in my younger years. You know, TASM, MASM, NASM, and lots of little custom variants...

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 2, Flamebait) by PiMuNu on Tuesday April 10 2018, @03:03AM (8 children)

            by PiMuNu (3823) on Tuesday April 10 2018, @03:03AM (#664795)

            C++ is a real mess, however.
            * Syntax is inconsistent - e.g. calling constructor with no arguments has different syntax to constructor with arguments
            * Syntax is awful - ever tried doing anything complicated with templates? Ever done it *quickly*?
            * How much implicit darkness does C++ do behind your back? Default constructors, "implicit" keyword, etc

            (I use C++ as my main low-level programming language, I just don't like it)

            • (Score: 1) by anubi on Tuesday April 10 2018, @07:14AM (1 child)

              by anubi (2828) on Tuesday April 10 2018, @07:14AM (#664852) Journal

              Those are excellent points.

              To me, the C++ is more like the English language... it has a few quite illogical exceptions, but I can use it to communicate to others. It's the most effective communications thing I have.

              Gotta admit I would hate to lay out a web page in C++.

              I do mostly embedded, so C++ for the big stuff and assembler for bit-banging the hardware driver.

              I was programming Fortran 77 before, and really fell in love with C++ structures.

              --
              "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
              • (Score: 2) by PiMuNu on Tuesday April 10 2018, @08:46AM

                by PiMuNu (3823) on Tuesday April 10 2018, @08:46AM (#664867)

                It's a nice analogy...

            • (Score: 2) by tangomargarine on Tuesday April 10 2018, @04:24PM (5 children)

              by tangomargarine (667) on Tuesday April 10 2018, @04:24PM (#665008)

              > * Syntax is inconsistent - e.g. calling constructor with no arguments has different syntax to constructor with arguments

              > * How much implicit darkness does C++ do behind your back? Default constructors, "implicit" keyword, etc

              I've been under the impression that C++ is one of the most consistent languages you can find anywhere. Whether you *understand* or *agree with* why it does stuff a certain way is another thing.

              --
              "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
              • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @06:43PM

                by Anonymous Coward on Tuesday April 10 2018, @06:43PM (#665058)
                I heard there are Lisp style languages that are so consistent that they can be used to prove math theorems.
              • (Score: 2) by PiMuNu on Tuesday April 10 2018, @08:26PM (3 children)

                by PiMuNu (3823) on Tuesday April 10 2018, @08:26PM (#665086)

                Well, what does consistency really mean? I argue that it means doing what it does with the smallest possible number of syntactical exceptions/keywords/junk to remember (Shannon entropy anyone?). C++ has absolutely tonnes of magic keywords and weird exceptions. I highlighted a few in GP. I found a list of keywords here for C++ (about 100 reserved words):

                http://en.cppreference.com/w/cpp/keyword [cppreference.com]

                Compare with python (about 40 reserved words):

                https://www.programiz.com/python-programming/keyword-list [programiz.com]

                and java (about 50 reserved words):

                https://docs.oracle.com/javase/tutorial/java/nutsandbolts/_keywords.html [oracle.com]

                Not definitive, but gives a feel for how complex the language is.

                • (Score: 2) by tangomargarine on Tuesday April 10 2018, @08:48PM (2 children)

                  by tangomargarine (667) on Tuesday April 10 2018, @08:48PM (#665096)

                  "Fewest keywords" seems like a somewhat odd hill to make your stand on, but okay I guess. Fewer keywords is what I'd call more simple, not more consistent, though I can kind of see where you're coming from.

                  Python was explicitly designed (6 years later) to be elegant, and has things that it can't do that C++ can. From what I've read, Java would be more streamlined still if they had designed generics into it from the get-go instead of 1.2. But again, there's a lot of stuff Java can't do because of the JVM. So yes, naturally Python and Java will be simpler than C++. Kind of a tautology.

                  > (shannon entropy anyone?)

                  Shannon entropy H is given by the formula [math I won't figure out how to reproduce here] where pi is the probability of character number i appearing in the stream of characters of the message.

                  Erm...okay bleeding from the eyes now after looking that up and not sure what your point is. It sounds like you're arguing from a standpoint of which language is more "beautiful" than which, rather than the principle of least surprise.

                  --
                  "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
                  • (Score: 2) by PiMuNu on Tuesday April 10 2018, @08:59PM (1 child)

                    by PiMuNu (3823) on Tuesday April 10 2018, @08:59PM (#665099)

                    Can you think of a better estimator of "easiest syntax"?

                    • (Score: 2) by tangomargarine on Tuesday April 10 2018, @09:44PM

                      by tangomargarine (667) on Tuesday April 10 2018, @09:44PM (#665112)

                      We weren't talking about "easiest." The original term was "most consistent," which ironically we are very lacking in this conversation.

                      I would generally agree that Java/Python are easier and more elegant to use. You want C++ for large, complex projects, that you want to be efficient and maintainable || embedded programming. Or at least that's my impression.

                      Mostly I'd contrast C++ with Ruby and JavaScript. I really don't like duck typing. Just the ideas of not being able to figure out what sort of data a variable holds from a glance at the code, having no compile-time checking--the only way to tell whether your code works is to run it--make me feel nervous and icky. Stuff like this [destroyallsoftware.com] just bends my principle of least astonishment over a chair and fucks it senseless.

                      Personally I think it would even be a better idea to teach students Ada than C++ as their first language (no, stop laughing! :) because it forces you to think in terms of diligent consistency. Programming isn't something you can just wildly chuck at a wall and hope for the best with. And I found my crash course in assembly pretty informative as to explaining why we do fundamental things certain ways in programming.

                      Still not sure whether I really like C++. I was doing a year of unit testing in it in 2016, and wrestling with the compiler output was a constant struggle. It would never outright lie but it usually seemed to be doing its best to mislead me as to what the problem was. Forget to initialize a member of a structure and it spits out some cryptic thing about memory alignment difficulties. Once you got into the right line of thinking about it, it usually made some perverse sort of sense, though. And C++ doesn't try to hide the fact that it's using pointers like Java. And you can specify how to pass parameters! Just being able to tell the code exactly what you want it to do is nice sometimes. No "Java is pass by value...except the value is the reference...except for primitives" mindtwisters.

                      I'm doing mostly JavaScript now, but prefer Java (CLI) or C# (GUI) for personal projects. Just going to trail off now. I'm 28 so that's my $0.02.

                      --
                      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
      • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @03:00PM (2 children)

        by Anonymous Coward on Tuesday April 10 2018, @03:00PM (#664968)

        Sorry, but part of the problem really is that C's signed/unsigned handling is badly designed.

        For example, if you compare a signed value with an unsigned value, then first the signed value is implicitly converted to unsigned, which can make it massively larger, and then that unsigned value is compared with the other unsigned value.

        The right thing would have been to define signed/unsigned comparison to be just the comparison of the numbers those values represent, so if a is a negative signed value, and b is an unsigned value, a<b will give true.

        "But that would have less performance!" Maybe. But then, if you need the performance, you can always explicitly cast to unsigned (or, alternatively, cast the unsigned value to signed!). That costs no performance, but makes the potential bug obvious. Or you could do what good C programmers do anyway: Just avoid comparing signed and unsigned values altogether. Except that the penalty for accidentally doing such a comparison would be a minimal reduction of code efficiency, rather than possibly a gaping security hole.

        One might even argue that the compiler should not have allowed signed/unsigned comparisons in the first place, forcing programmers to explicitly decide for either signed or unsigned comparison, or explicitly writing the code needed to correctly handle mixed comparison.

        And yes, C programmers should know about that problem, and to avoid it. But that doesn't mean there's no problem with C.

        To make a car analogy: If a certain brand of car breaks down if you switch on the light while in the first gear, drivers of that car should really be educated about that problem, and certainly you'd expect an experienced driver to not turn on the lights while in the first gear. But that does not mean there's nothing wrong with a car which breaks down from switching on the lights while in the first gear.
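
The pitfall named in the story summary (signed variables mechanically changed to unsigned) and the comparison rule described in the comment above, as an added C example. It is not part of the original thread and is not the unrar or Windows Defender code; all function names and values are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Bounds check as written for signed ints: may `len` bytes be read at
 * position `pos` of a buffer holding `size` bytes? A position past the end
 * makes `remaining` negative, so the request is refused. */
bool fits_signed(int size, int pos, int len)
{
    int remaining = size - pos;
    return len >= 0 && len <= remaining;
}

/* The same lines after a mechanical int -> unsigned conversion. When
 * pos > size the subtraction wraps around to a value near UINT_MAX, so the
 * check now accepts a request it used to refuse. */
bool fits_unsigned(unsigned size, unsigned pos, unsigned len)
{
    unsigned remaining = size - pos;
    return len <= remaining;
}

/* Unsigned check that never forms a wrapped difference. */
bool fits_checked(size_t size, size_t pos, size_t len)
{
    if (pos > size)
        return false;
    return len <= size - pos;
}

/* Mixed comparison as C defines it: `a` is implicitly converted to unsigned
 * before comparing, so -1 becomes UINT_MAX. GCC and Clang can flag this line
 * with -Wsign-compare. */
bool less_c_rule(int a, unsigned b)
{
    return a < b;
}

/* Mixed comparison on the numbers the two values represent, which is the
 * behaviour the comment above argues for. */
bool less_by_value(int a, unsigned b)
{
    return a < 0 || (unsigned)a < b;
}

int main(void)
{
    /* Constructed case: 16-byte buffer, 8-byte read requested at position 20. */
    printf("signed check accepts:   %d\n", fits_signed(16, 20, 8));
    printf("unsigned check accepts: %d\n", fits_unsigned(16u, 20u, 8u));
    printf("checked version accepts: %d\n", fits_checked(16, 20, 8));

    /* Constructed case: is -1 less than 1? */
    printf("-1 < 1u by C's rule:  %d\n", less_c_rule(-1, 1u));
    printf("-1 < 1u by value:     %d\n", less_by_value(-1, 1u));
    return 0;
}
```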

        • (Score: 2) by tangomargarine on Tuesday April 10 2018, @04:19PM (1 child)

          by tangomargarine (667) on Tuesday April 10 2018, @04:19PM (#665005)

          > For example, if you compare a signed value with an unsigned value, then first the signed value is implicitly converted to unsigned, which can make it massively larger, and then that unsigned value is compared with the other unsigned value.

          Doesn't the compiler spit out a warning on this, though? If you're blanket-suppressing warnings in C++ you kind of deserve what you get.

          My previous job involved C++ work and I'll be the first to admit that what the compiler tells you can be pretty misleading. But at least you know there's *some* problem.

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
          • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @04:51PM

            by Anonymous Coward on Tuesday April 10 2018, @04:51PM (#665016)

            Yes, compilers started to spit out warnings for this specific problem exactly because it is a problem (I have no idea if all of them do).

            Actually, many compiler warnings are actually pointing out design flaws of the language. If the language were properly designed, you'd not need the warning.

    • (Score: 2) by turgid on Monday April 09 2018, @08:53PM (1 child)

      by turgid (4318) Subscriber Badge on Monday April 09 2018, @08:53PM (#664670) Journal
      • (Score: 3, Interesting) by DannyB on Monday April 09 2018, @09:11PM

        by DannyB (5839) Subscriber Badge on Monday April 09 2018, @09:11PM (#664681) Journal

        Back in the day, I liked Modula 3. At least the specification. As a Pascal programmer, I dreamed of being able to have Modula 3. But things moved on. I learned Lisp, and C seemed to take over the world.

        --
        To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
    • (Score: 5, Interesting) by DannyB on Monday April 09 2018, @09:09PM (4 children)

      by DannyB (5839) Subscriber Badge on Monday April 09 2018, @09:09PM (#664679) Journal

      C and C++ have their place. As does assembler.

      That place is NOT writing application software. In fact it should not have a place writing basically anything in user space, other than perhaps infrequently things like codecs, encryption, compression, etc. And those should be library functions callable from sane programming languages.

      C and C++ are great for microcontrollers. (But increasingly higher level languages work here as well.)

      C and C++ are great for building the OS and drivers. But they are a very fragile building material for building the entire world that sits on top of that foundation. It can also be argued that even parts of the OS and drivers can be written in other link-compatible languages that compile to direct machine code without runtime library support.

      At some point, the gains in human productivity are worth using higher level, more abstract languages. Even at the cost of some runtime efficiency. I remember talking to someone on vacation last June about this. In the context of applications. And my application is a web application. He said Java took too much memory and too many CPU cycles. I pointed out that, especially for web applications, Java, and other high level languages and frameworks are far superior to C / C++. My managers wouldn't bat an eyelash if I asked for more memory, but could beat my C / C++ competitor to market by six months to a year. You should be optimizing for dollars, not for bytes and cpu cycles.

      Long ago very similar arguments were had about writing in assembler (the one true way!) vs higher level languages like FORTRAN or C. And we see which way that turned out. In favor of abstractions and human productivity. Even though any decent assembly guy could hand code way better machine code than the compilers of the era produced.

      Just IMO.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 2) by FatPhil on Monday April 09 2018, @10:57PM

        by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Monday April 09 2018, @10:57PM (#664731) Homepage
        Totally agree. Apart from the C++ bit. C++'s niche is so invisibly narrow I'm not sure it even exists any more.
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: 3, Informative) by Subsentient on Tuesday April 10 2018, @01:15AM (2 children)

        by Subsentient (1111) on Tuesday April 10 2018, @01:15AM (#664763) Homepage Journal
        I can't agree. I think C++ has a large place in userland, the problem is programmers who don't know how to use it safely. C++ has plenty of high level constructs, yet you see people doing stuff like writing their own buggy strncpy() and using that, instead of a string class. C++ is a dangerous language, I can't deny that, because it gives you plenty of ammo to shoot yourself in the foot. The safety of Java and C# comes from being limited in capability. Do you remember Windows Vista? Do you remember what a bloated piece of shit it was? Know part of why that was? Because Microsoft rewrote a bunch of components in C# to be "with it/hip". Now, C and C++ have lots of very serious flaws, and they're very old languages, but I shudder at the idea of the majority of userland being written in a JVM-style language. Rust might be a good answer, if it's ever standardized and given GCC and Clang support. It has real pointers, real pointer arithmetic, it just makes you type "unsafe" so you know you're doing something potentially retarded. I'd be alright with that. Go isn't a good idea, because while it's a compiled language, it limits what you can do too much, just like Java would. Until it's standardized and gets lots of cross-platform OS support however, I don't think Rust is a viable replacement.
        --
        "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
        • (Score: 2) by DannyB on Tuesday April 10 2018, @01:26PM

          by DannyB (5839) Subscriber Badge on Tuesday April 10 2018, @01:26PM (#664930) Journal

          First, I think we live in different worlds. You are thinking close to the hardware. I'm thinking in terms of higher and higher level abstractions away from the hardware.

          Your argument seems to be that Java is limited in capability. And that if people work hard enough they can learn to use C++ safely. That simply repeats the ancient Assembly language vs FORTRAN debates of decades ago, and we know how the high level language vs Assembly turned out in favor of high level languages despite their inefficiency.

          My argument was that you should not be able to shoot yourself in the foot unless you go out of your way to do so. It should not be possible to accidentally shoot yourself in the foot.

          As for limited in capability, I'll grant you that Java is definitely not a language for writing an OS, device drivers, and microcontroller code. I think I already made that abundantly clear. But for a language of "limited capability", it has libraries to do everything, and has been the #1 language on TIOBE and other language indexes for jobs for years and years now. Java is used in banks, even for high speed trading.

          The fact that Java is so widely used must mean that it has something going for it. You might not recognize what that is, nor even like it. But it is very real. If there were one perfect programming language, everyone would be using it already.

          I already mentioned that when arguing about runtime costs, you should be optimizing for dollars. For more memory and CPU, I get amazing runtime monitoring, dynamic class reloading, garbage collection, highly optimized compilation to native code -- for the SPECIFIC processor that we're running on at runtime, not just some generic ahead-of-time compilation to generic amd64 that will run on all processors. In short, for those machine costs you are so concerned with, I get huge business and productivity benefits. More memory and CPU is a cheap price to pay. You're thinking too low level -- for application code. But again, C / C++ are great for low level code. Just not for applications.

          --
          To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
        • (Score: 2) by DannyB on Friday April 13 2018, @04:45PM

          by DannyB (5839) Subscriber Badge on Friday April 13 2018, @04:45PM (#666513) Journal

          I just want to point out:
          https://www.technotification.com/2018/04/highly-demanded-programming-languages.html [technotification.com]

          I see these from time to time. Just happened to stumble into one right now. As usual, Java is the number one language in demand.

          I'm not saying anything bad or negative about other languages. My only point here is that if Java is in such demand, there must be some reason for that. Some perfectly valid dollars-and-sense reason.

          As I said in my very first sentence earlier, all languages have a place. If there were a perfect language, we would ALL already be using it. Java has its warts like all others.

          --
          To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
    • (Score: 2) by leftover on Tuesday April 10 2018, @02:24AM

      by leftover (2448) on Tuesday April 10 2018, @02:24AM (#664782)

      I have to agree with this plus add a spin. IMHO, the arcane convolutions in C are a clear problem for maintaining code. Even trying to debug your own code six months later is a PITA. C++ did some nice language things but, again IMHO, borked the whole field with Object-Oriented Programming. I hated OOP when it was first emerging and I still hate it now from both viewpoints of coder and manager. In OOP, the coder needs to mentally integrate all the external classes, methods, operators, namespaces, etc. plus entire new buckets of this shit added for every library used. Damned few people can achieve that for even a short time. The inevitable result is bugs and non-functionality, insane levels of bloat. In short, what we are seeing in the entire computing industry. Billion-dollar projects abandoned, mass-market products that never work cleanly for their entire lives, open-source fields populated with twenty alternatives that don't work, all adding up to a truly staggering waste of resources. Additionally, hiring only people who claim to be OOP super-performers will result in a corral full of bloviating assholes.

      Algol had the right idea with good structure and just a little bit of abstraction. Adding more than a pinch of abstraction is as harmful as adding too much paprika to deviled eggs. Of current options, I find myself liking Google's Go enough to overcome my anger at their becoming evil. Pointers, optional dynamic typing and garbage collection, optional strong typing in a compiled language. It looks much like Python code written without OOP. Learn the simple language rules and you can write or debug any function|code put in front of you. You can be interrupted and not need four hours plus counseling to get back in the groove. I have written Go code for workstation clusters and microcontrollers. Does it hide all the differences between them? Nope, nor would I want it to.

      (Don't even let me get started on the proliferation of event loops!)

      --
      Bent, folded, spindled, and mutilated.
    • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @07:56AM (1 child)

      by Anonymous Coward on Tuesday April 10 2018, @07:56AM (#664859)

      Nope.

      Create an unsigned integer x in any language of your choice. Then do a while(x >= 0). Your program will hang.

      In fact, take any language with more than one variable type, and change a variable to a different type without understanding the consequences. You will run into problems.

      A Javascript example:

      if(0) // false.
      if("0") // true

      • (Score: 2) by tangomargarine on Tuesday April 10 2018, @04:15PM

        by tangomargarine (667) on Tuesday April 10 2018, @04:15PM (#665000)

        Nope.

        Create an unsigned integer x in any language of your choice. Then do a while(x >= 0). Your program will hang.

        I like how your example ironically uses an *unsigned* integer. Does anybody other than the aforementioned C-style languages use unsigneds these days?

        In fact, take any language with more than one variable type, and change a variable to a different type without understanding the consequences. You will run into problems.

        A Javascript example:

        if(0) // false.
        if("0") // true

        Well yeah, because JavaScript is horrible and ugly and no.

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 2) by TheGratefulNet on Monday April 09 2018, @08:31PM (13 children)

    by TheGratefulNet (659) on Monday April 09 2018, @08:31PM (#664657)

    what does that mean? not sure I've heard of 'knock-on' before. educate me (maybe others also have not heard this term).

    --
    "It is now safe to switch off your computer."
    • (Score: 2, Informative) by Anonymous Coward on Monday April 09 2018, @08:39PM

      by Anonymous Coward on Monday April 09 2018, @08:39PM (#664661)

      what does that mean? not sure I've heard of 'knock-on' before.

      Consequential. Because A happened, that led to B and C happening.

    • (Score: 5, Funny) by Freeman on Monday April 09 2018, @08:44PM (5 children)

      by Freeman (732) on Monday April 09 2018, @08:44PM (#664665) Journal

      It's a British term for I dropped this anvil on my foot, so now my foot hurts.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
      • (Score: 0) by Anonymous Coward on Monday April 09 2018, @10:46PM (4 children)

        by Anonymous Coward on Monday April 09 2018, @10:46PM (#664724)

        I dropped this anvil on my foot, so now my foot hurts.

        I'm not convinced about the causality link here. What if an about-to-be-hurting foot actually causes the anvil to drop? Until one doesn't replicate the results in a double-blind study, I'm not going to trust those sorry cherry-pickers data (and feet) massager excuses for a scientist.

        Let us also keep in mind that the burden of proof stays with the claimant

        • (Score: 2) by DECbot on Tuesday April 10 2018, @12:10AM (3 children)

          by DECbot (832) on Tuesday April 10 2018, @12:10AM (#664746) Journal

          I concur. It is absolutely possible that the person with the about-to-be-hurting foot kicked a person onto a table, which then catapulted an anvil into the air which then converted the about-to-be-hurting foot into a hurting foot. This again makes me wonder what the kicked-onto-the-table person said about the mother of the person with the about-to-be-hurting foot prior to getting kicked onto a table. Was it truly the anvil that caused the hurting foot or the your-mother's-so-fat joke?

          --
          cats~$ sudo chown -R us /home/base
          • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @12:39AM (2 children)

            by Anonymous Coward on Tuesday April 10 2018, @12:39AM (#664755)

            Mr. Goldberg, [google.com] it's a shame that, early in your career, you didn't cross paths with William of Ockham. [google.com]

            -- OriginalOwner_ [soylentnews.org]

            • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @03:11PM (1 child)

              by Anonymous Coward on Tuesday April 10 2018, @03:11PM (#664978)

              Do not link to Google searches. Ever.

              • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @07:42PM

                by Anonymous Coward on Tuesday April 10 2018, @07:42PM (#665075)

                Feel free to feed the search string into the search engine of your choice.
                (Most folks will get the point by just hovering over the link.)

                ...and the S/N comments engine strips out things like %22 from links.
                Google's Verbatim Search end-runs that for phrases.
                Nobody else has that.

                When some other johnny-come-lately search engine has anything approximating what 20 year old Google has for syntax, I'll consider them a serious contender.

                ...and people who worry about privacy are already using a proxy|TOR.
                archive.is is a quickie equivalent.

                ...and, instead of whining like a little bitch, you could have offered alternative links.
                ...again, for those who didn't get the point by simply hovering over the link.

                -- OriginalOwner_ [soylentnews.org]

    • (Score: 2) by FatPhil on Monday April 09 2018, @10:59PM (5 children)

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Monday April 09 2018, @10:59PM (#664732) Homepage
      Google not working in your part of the world?
        https://www.merriam-webster.com/dictionary/knock-on%20effect
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: 2) by lentilla on Tuesday April 10 2018, @06:50AM (3 children)

        by lentilla (1770) on Tuesday April 10 2018, @06:50AM (#664849)

        Now, that's exactly what I would have done when I didn't know what a term means - I would have looked it up and silently moved on.

        I would have thought everyone knew what "knock-on effect" meant, and today I learnt that not everybody did. That in itself is interesting. So now; not only did the person who posed the question learn the answer; I discovered that "knock-on" isn't a globally known term; and likely multiple others learnt a new term and its definition.

        I find this interesting about places like stackexchange. I see so many questions that I; personally; would be mortified to actually ask - those kind of questions that could be solved with ten minutes of research and reading. But I absolutely love reading those questions and answers. If it's an outstanding question "on my list", that's ten minutes I don't have to spend finding the answer for myself. Ironic that it is other people's laziness that gives me an opportunity for easier learning. Well, it's not laziness; per se; it's just a different style of information gathering. Whilst I would silently research, others simply ask that dumb question that's on the tip of their tongue. Boy am I ever so glad some people ask dumb questions - otherwise we'd all be sitting silently in the library, researching the same beginner question and never communicating with each other!

        • (Score: 2) by FatPhil on Tuesday April 10 2018, @01:29PM (2 children)

          by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Tuesday April 10 2018, @01:29PM (#664931) Homepage
          It's been a phrase I've known forever, I'm surprised to hear that it's not international English.
          Another similar one that shocked me is "one-off", as in "the festival's a one-off event". It's bizarre saying things that seem to be so obvious in meaning, and having (US) Americans look at you as if you just slipped a foreign word into the sentence. The hardest thing is when you're finally asked to define it, and the best definition you can give for it is to just repeat it, because that's the obvious bloody term for the concept, argh!!1!

          Indeed. I'm also very glad that search engines are as powerful as they are nowadays (OK, google is, the rest are still rather '90s) such that you can type your dumb question in, and it will get mapped onto a similarly-but-differently worded more-or-less dumb question that's already been answered. In the old days, it used to be a matter of you having to work out exactly what question to ask, but nowadays, the search engine doesn't impose that burden so much.
          --
          Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
          • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @03:17PM (1 child)

            by Anonymous Coward on Tuesday April 10 2018, @03:17PM (#664981)

            That's nothing. Brits get pissed when they get beer, while Americans get pissed when they don't get beer. ;-)

            • (Score: 2) by TheGratefulNet on Thursday April 12 2018, @04:15AM

              by TheGratefulNet (659) on Thursday April 12 2018, @04:15AM (#665746)

              ...we also drive on the parkway and park on the driveway.

              --
              "It is now safe to switch off your computer."
      • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @04:12PM

        by Anonymous Coward on Tuesday April 10 2018, @04:12PM (#664998)

        Did you intentionally make sure that didn't turn into a link? lol

  • (Score: 0) by Anonymous Coward on Monday April 09 2018, @08:50PM (8 children)

    by Anonymous Coward on Monday April 09 2018, @08:50PM (#664669)

    a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.

    [...] Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine.

    Unrar is not open source and as far as I know it never was. It is distributed under a proprietary license with significant restrictions on usage and modifications.

    • (Score: 0) by Anonymous Coward on Monday April 09 2018, @09:06PM (1 child)

      by Anonymous Coward on Monday April 09 2018, @09:06PM (#664676)

      License:
          https://www.win-rar.com/winrarlicense.html [win-rar.com]

      Looks like unrar may be a bit different from rar (and gui version winrar), since there is the mention of source for unrar??
      IANAL...

      • (Score: 0) by Anonymous Coward on Monday April 09 2018, @09:21PM

        by Anonymous Coward on Monday April 09 2018, @09:21PM (#664686)

        That's not the unrar license, although it includes parts of it. A web search turned up this copy of the license text [fedoraproject.org], which matches what is found in the tar file you can download from rarlab.com.

        Note that there are actual free unpackers for the RAR formats (e.g., libarchive) so there is no reason to use the proprietary unrar.

    • (Score: 2) by DannyB on Monday April 09 2018, @09:13PM

      by DannyB (5839) Subscriber Badge on Monday April 09 2018, @09:13PM (#664683) Journal

      Shhhhhh! If unrar isn't open source, how will Microsoft be able to bad mouth open source?

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
    • (Score: 1, Interesting) by Anonymous Coward on Monday April 09 2018, @09:41PM (1 child)

      by Anonymous Coward on Monday April 09 2018, @09:41PM (#664697)

      From the source code:

      2. UnRAR source code may be used in any software to handle
                  RAR archives without limitations free of charge, but cannot be
                  used to develop RAR (WinRAR) compatible archiver and to
                  re-create RAR compression algorithm, which is proprietary.
                  Distribution of modified UnRAR source code in separate form
                  or as a part of other software is permitted, provided that
                  full text of this paragraph, starting from "UnRAR source code"
                  words, is included in license, or in documentation if license
                  is not available, and in source code comments of resulting package.

      Might be perfectly legal, if you have good lawyers, because the license says "may be used [to open rar archives] without limitations free of charge" and restricting people from changing your source is such a restriction.

      • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @03:51AM

        by Anonymous Coward on Tuesday April 10 2018, @03:51AM (#664815)

        That doesn't sound like FOSS. That's proprietary with access to source code.

        So people, beginning with Microsoft, lay all the blame for Microsoft's screw-up on FOSS, when the code wasn't even FOSS to begin with? Typical.

    • (Score: 3, Interesting) by FatPhil on Monday April 09 2018, @11:05PM (2 children)

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Monday April 09 2018, @11:05PM (#664734) Homepage
      It's not "Open Source", even if it is "open source". Having said that, "Open Source" is a bit messed up, and unrar's a bit messed up and it's possible that the messes overlap. Unrar may have restrictions on usage, but the problem is that it doesn't have enough restrictions on modifications. If it obliged you to keep the source open, and distribute it with any modifications, then this bug could have fallen to the many eyes solution years back. But no, it's closed source now - all we've got is a crappy disassembly to work with.

      This is what RMS keeps saying - the more-free licenses are worse, as they permit others to take desirable rights away.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @02:17PM (1 child)

        by Anonymous Coward on Tuesday April 10 2018, @02:17PM (#664946)

        Nobody who cares about free software gives two shits about Unrar's license being "too permissive".

        Unrar is proprietary and Windows Defender is proprietary and both are bad.

        TFA (quoting Google's Tavis Ormandy) calls unrar "open source" which is simply wrong.

        • (Score: 2) by FatPhil on Wednesday April 11 2018, @07:15PM

          by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Wednesday April 11 2018, @07:15PM (#665484) Homepage
          > Nobody who cares about free software gives two shits about Unrar's license being "too permissive".

          RedHat do (URL posted elsewhere by elsewho).
          --
          Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @03:14PM (1 child)

    by Anonymous Coward on Tuesday April 10 2018, @03:14PM (#664979)

    Didn't Ballmer call the terms of the GPL 'a cancer'? Doesn't this impose certain obligations on MS? A quick glance at the GPL shows me (IANAL) several possible violations.

    • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @05:39PM

      by Anonymous Coward on Tuesday April 10 2018, @05:39PM (#665031)

      Unrar is not released under the GPL or any other copyleft free license. It is proprietary software released under a proprietary license.

      Microsoft is likely within the permissions granted by the unrar license but this whole thing has nothing to do with any free or open source software.
