From: David Marceau
Newsgroups: comp.lang.ada
Subject: Re: Why write an Ada web browser ?, was: Re: GNAT Ada - DLL - MSVC
Date: Wed, 12 Jun 2002 11:00:15 -0400
Message-ID: <3D0761FF.38554417@sympatico.ca>
References: <3D062F7D.406B8709@sympatico.ca>
Organization: Bell Sympatico

Simon Clubley wrote:
>
> In article <3D062F7D.406B8709@sympatico.ca>, David Marceau writes:
> >
> > IMHO my dream multi-platform state-of-the-art gui:
> > 1)The web browser itself and the web browser flash player plug-in should
> > be re-written in ada.
>
> I have been reading comp.lang.ada for about a year, and during that time
> the wish for a web browser to be written in Ada has been made a number of
> times.
>
> So, my question is, why write a whole new web browser in Ada ?

So the browser would be more reliable, more secure and more easily
maintained/reused.
Note how I didn't say it would be faster than assembler or c.

>
> Some advantages are obvious; an Ada browser shouldn't have problems with
> buffer overflows.

Buffer overflows have been seen as security issues in os's. Ada helps to
minimize this. Unless you are deliberately using pointers in your
software, Ada has a much stronger chance at not doing any buffer
overflow. Using pointers in Ada is much safer than in c/C++ because
pointers in ada are harder to use (there are more steps involved to use
them). This is by design (it's a feature).

>
> However, I don't see how an Ada based browser would help with other
> errors like cross-site scripting which I understand are mainly logic
> errors.

What do you mean by cross-site scripting?

>
> Also, how much of the web browser would you write in Ada ? Just the core
> of the browser or everything ?

Everything. A software (like a chain) is only as strong as its weakest
link.

>
> To expand on that question:
> Would you write new Ada widgets to display JPEG/GIF/etc images,
> including the decoding/decompression of the image ?

Yes. For long-term multi-platform maintenance and reuse reasons.
Nothing beats ada here IMHO. Not even java.

>
> Would you write a Java Virtual Machine implementation in Ada ?

In my opinion it is a waste of time because assuming you have access to
the source, you could recompile on any platform quite easily. The
recompiled ada would be much faster than a JVM running java byte code.
JAVA and jvm is hype IMHO.

>
> How about FTP/Telnet/secure sockets, etc ?

Sockets. Don't have to Adasockets
Secure sockets. Don't have to Adasockets
Http downloads/uploads binary files. Don't have to AWS.
FTP seems to be redundant now. No.
Telnet yes. Great for debugging.
gdb yes.
ssh/ssl. Yes and by far the most important for security reasons.

>
> What method would an Ada browser use to handle the requirement to
> dynamically support plug-in modules and to execute the code within
> that plug-in ? What would be the advantages of that method ?

Dynamic run-time plug-ins are a security issue. Making an architecture
that permits dynamic loaded plug-ins that can access the same piece of
memory in a process is a hacker's paradise. (i.e. .so's/.dll's)
That's why having source is better. You can decide to save disk
space (using .dll's/.so's) or not (using static .a's). For security
reasons, I prefer to think source and building the .a myself is best.

Back to plug-in architecture I like AWS
http://libre.act-europe.fr/aws/
because for each plug-in created, it is run as a separate process and
talking to the other process via a protocol hence protecting the
original program from being tampered with via memory.

That doesn't mean your code will remain hack-proof:
- some engineers have devised cool electromagnetic ray guns
  reading/changing bits in your computer's memory hence changing your
  code. There is nothing ada can do here.
- some other engineers are pros at sniffing protocols and tweaking bits
  here and there. The least it can do is protocol-jam however there is
  potential for more damage. Ada at least reduces the risk of this
  happening.
- some other pros can go into your office duplicate and swipe your hard
  drive. Change stuff then swipe it back in. There is nothing ada can do
  here.

The above is not sci-fi. It exists. Hence e-commerce confidence going
down the tubes. Case in point check out all the hackers making money off
of duplicating satellite-tv/pay-tv smart-cards. I've been offered
many-a-time to buy one. Recently here in Montreal, Canada a couple of
pros stole credit card making machines and Provincial Medical Card
making machines. They made a mint off of making fake Medical ID's with
which they used to get credit cards with.

The possibilities of people hacking into your machine are there but the
motivation to do so is only there if there are others who perceive your
machine has something of value worth hacking into.

>
> And finally, would the work involved in writing an Ada browser be justified
> by Ada's advantages ?

To reiterate it again. Writing an ada browser would be justified by
just its multi-platform long-term maintenance and reuse alone.
However it is even more justified for its security and reliability
strengths.
If you feel strongly about writing code that will surpass your lifetime,
write it in ada. It will have a better chance at not getting scrapped.

Santé bonheur,
David Marceau
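
An added example, not part of the original post: the buffer-overflow point above, shown on the kind of length-prefixed block an image decoder has to copy into a fixed buffer. The names Chunk_Demo, Load and Max_Chunk and the sample bytes are hypothetical and constructed for illustration; the code assumes the language's default run-time checks are left enabled.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Chunk_Demo is
   type Byte is mod 2 ** 8;
   type Bytes is array (Positive range <>) of Byte;

   Max_Chunk : constant := 4;
   subtype Chunk is Bytes (1 .. Max_Chunk);

   --  Constructed sample inputs: one length byte, then the payload.
   Good : constant Bytes := (3, 16#AA#, 16#BB#, 16#CC#);
   Bad  : constant Bytes := (200, 16#AA#, 16#BB#, 16#CC#);  --  length lies

   Buf : Chunk;
   OK  : Boolean;

   --  Hypothetical decoder step: copy the payload announced by the
   --  length byte into a fixed-size buffer.  OK is False when a
   --  language-defined check rejects the input.
   procedure Load (Input : Bytes; Into : out Chunk; OK : out Boolean) is
      Len : Natural;
   begin
      Into := (others => 0);
      OK   := False;
      --  Index check: fails on an empty Input.
      Len := Natural (Input (Input'First));
      --  Slice checks: 1 .. Len must lie inside Chunk, and the source
      --  slice must lie inside Input.  A length of 200 fails here
      --  instead of writing past the end of Into.
      Into (1 .. Len) := Input (Input'First + 1 .. Input'First + Len);
      OK := True;
   exception
      when Constraint_Error =>
         OK := False;
   end Load;

begin
   Load (Good, Buf, OK);
   Put_Line ("well-formed chunk accepted: " & Boolean'Image (OK));
   Load (Bad, Buf, OK);
   Put_Line ("oversized length accepted:  " & Boolean'Image (OK));
end Chunk_Demo;
```

The protection comes from the run-time checks, so it disappears if they are turned off, for example with `pragma Suppress (All_Checks)` or GNAT's `-gnatp` switch. A rejected input still has to be handled by the caller, as the handler in Load does here.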