Re: Why write an Ada web browser ?, was: Re: GNAT Ada - DLL - MSVC

[David Marceau <davidmarceau@sympatico.ca>]

Simon Clubley wrote:
> 
> In article <3D062F7D.406B8709@sympatico.ca>, David Marceau <davidmarceau@sympatico.ca> writes:
> >
> > IMHO my dream multi-platform state-of-the-art gui:
> > 1)The web browser itself and the web browser flash player plug-in should
> > be re-written in ada.
> 
> I have been reading comp.lang.ada for about a year, and during that time
> the wish for a web browser to be written in Ada has been made a number of
> times.
> 
> So, my question is, why write a whole new web browser in Ada ?
So the browser would be more reliable, more secure and more easily
maintained/reused.
Note how I didn't say it would be faster than assembler or c.

> 
> Some advantages are obvious; an Ada browser shouldn't have problems with
> buffer overflows.
Buffer overflows have been seen as security issues in os's.  
Ada helps to minimize this.  Unless you are deliberately using pointers
in your software,
Ada has a much stronger chance at not doing any buffer overflow.
Using pointers in Ada is much safer than in c/C++ 
because pointers in ada are harder to use(there are more steps involved
to use them).
This is by design(it's a feature).  

> 
> However, I don't see how an Ada based browser would help with other
> errors like cross-site scripting which I understand are mainly logic
> errors.
What do you mean by cross-site scripting?

> 
> Also, how much of the web browser would you write in Ada ? Just the core
> of the browser or everything ?
Everything.  A software(like a chain) is only as strong as its weakest
link.

> 
> To expand on that question:
>         Would you write new Ada widgets to display JPEG/GIF/etc images,
>         including the decoding/decompression of the image ?
Yes. For long-term multi-platform maintenance and reuse reasons. 
Nothing beats ada here IMHO.  Not even java.

> 
>         Would you write a Java Virtual Machine implementation in Ada ?
In my opinion it is a waste of time because assuming you have access to
the source, you could recompile on any platform quite easily.
The recompiled ada would be much faster than a JVM running java byte
code.  JAVA and jvm is hype IMHO.

> 
>         How about FTP/Telnet/secure sockets, etc ?
Sockets. Don't have to Adasockets
Secure sockets. Don't have to Adasockets
Http downloads/uploads binary files. Don't have to AWS.
FTP seems to be redundant now. No.
Telnet yes.  Great for debugging.
gdb yes.
ssh/ssl.   Yes and by far the most important for security reasons.

> 
> What method would an Ada browser use to handle the requirement to
> dynamically support plug-in modules and to execute the code within
> that plug-in ? What would be the advantages of that method ?
Dynamic run-time plug-ins are a security issue.
Making an architecture that permits dynamic loaded plug-ins that can
access the same piece of memory in a process is a hackers paradise.
(i.e. .so's/.dll's)
That's why having source is better.  You can decide to save disk
space(using .dll's/.so's) or not(using static .a's).
For security reasons, I prefer to think source and building the .a
myself is best.
Back to plug-in architecture I like AWS http://libre.act-europe.fr/aws/ 
because for each plug-in created, it is run as a separate process and
talking to the other process via a protocol 
hence protecting the original program from being tampered with via
memory. 
That doesn't mean your code will remain hack-proof:
-some engineers have devised cool electromagnetic ray guns
reading/changing bits in your computers's memory hence changing your
code.  There is nothing ada can do here.
-some other engineers are pros at sniffing protcols and tweaking bits
here and there.  The least it can do is protocol-jam however there is
potential for more damage.  Ada at least reduces the risk of this
happening.
-some other pros can go into your office duplicate and swipe your hard
drive.  Change stuff then swipe it back in.  There is nothing ada can do
here.

The above is not sci-fi.  It exists.  Hence e-commerce confidence going
doing the tubes.
Case in point check out all the hackers making money off of duplicating
satellite-tv/pay-tv smart-cards.  
I've been offered many-a-time to buy one.
Recently here in Montreal, Canada a couple of pros stole credit card
making machines and Provincial Medical Card making machines.
They made a mint off of making fake Medical ID's with which they used do
get Credit card's with.

The possibilities of people hacking into your machine are there 
but the motivation to do so is only there if there are others who
perceive your machine has something of value worth hacking into.
> 
> And finally, would the work involved in writing an Ada browser be justified
> by Ada's advantages ?
To reiterate it again.  Writing an ada browser
would be justified by just its multi-platform long-term maintenance and
reuse alone.  
However it is even more justified for its security and reliability
strengths.  
If you feel strongly about writing code that will surpass your lifetime,
write it in ada.
It will have a better chance at not getting scrapped.

Sant� bonheur,
David Marceau