Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Chris Morgan <cm@mihalis.net>]

"Robert I. Eachus" <rieachus@earthlink.net> writes:

>     You seem to want to continue to misunderstand.

I don't want to misunderstand, and I'm not sure I misunderstand
anyway. 

>  Why would gunzip fail?  Because the checksum did not match.

Which implies a bad download. So any user is safe from a bad
download. 

>  MD5 allows additional protection against forged checksums, which
> are totally inapplicable to this case.

Not if people got their files from some other ftp server nearer them
on the net but checked the MD5 checksums against a hypothetical web
page on www.gnat.com.

> To repeat something which you may have missed, ACT does not create all
> of the versions of GNAT, not even all versions on cs.nyu.edu.  And for
> example, if you want a version of GNAT for Linux, there are several
> versions depending on whether you have Debian or Red Hat, and on which
> kernel version you are using, etc.

There is no profusion of linux versions on cs.nyu.edu :

ftp> dir gnat-3.12p*
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
-rw-r--r--   1 ftpuser  ftpusers   8734825 Nov  2 19:40 gnat-3.12p-alpha-dec-osf4.0d-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   1562945 Oct 19  1999 gnat-3.12p-docs.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   6246712 Oct 19  1999 gnat-3.12p-hppa1.1-hp-hpux10.20-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   5295724 Oct 19  1999 gnat-3.12p-i386-pc-solaris2.6-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   6525643 Oct 19  1999 gnat-3.12p-i686-pc-linux-gnu-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   8497448 Oct 19  1999 gnat-3.12p-powerpc-ibm-aix4.1.4.0-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   8057292 Oct 19  1999 gnat-3.12p-sparc-sun-solaris2.5.1-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   4266495 Oct 19  1999 gnat-3.12p-src.tar.gz
226 Listing completed.
ftp>

It's been mostly like this, apart from version numbers for, oh, about
5 years or more.

My understanding is that, in actual fact, the above
gnat-3.12p-i686-pc-linux-gnu-bin.tar.gz is ACT's public version. Same
goes for the Solaris file. The Ada for Linux stuff doesn't seem to be
there, it's on www.gnuada.org as usual.

>  You are much, much more likely to
> run into problems due to downloading the wrong version or installing it
> improperly than from someone smuggling a spoofed version onto the
> server.  

Right. This seems like my point, not yours. Robert seemed to me to
casting aspersions on the authenticity of any copies not received
under contract via CD. Since even untarring the files successfully
means you did't have a bad download, and since the files on cs.nyu.edu
are put there by ACT, I think this implication is wrong, and
unfortunate. 

>     If you really need security, you have to pay the price.  I am not
> talking about ACT's support price, which is trival, if you are working
> on a trusted or secure system.  It may triple or more the cost of
> development to insure that your tools are trustworthy, and yes, if you
> need security and mission or life critical code, you can triple it
> again.  Just adding an MD5 checksum would not help at all, you need to
> start with a risk analysis and a threat analysis.  Then you can start
> doing all the things necessary to reduce the threat, which often will
> include examining the generated machine code for certain key parts of
> your program, burning parts of the code into ROM, etc.

This is not the level I was talking about.

Once again, RBKD wrote :

> Actually, as far as I can tell, this project did not make use of the
> commercial version of GNAT, but used some unsupported public version
> obtained somewhere from the net (and certainly not from Ada Core
> Technologies). Yes, among the technologies mentioned on the slides,
> it mentions that GNAT is the most stable, but still this is NOT the
> commercial version of GNAT.  In fact we can't even be sure that it
> is the same bits that we originally placed there. The advantage of
> freely available software on the net is precisely that, it is freely
> available, but the downside is you can never be sure exactly what
> you are getting.

I am only talking about the implication that you can't be sure you get
a "good GNAT" unless you get support.

Here's my situation (sort of hypothetical). I work for a company doing
Ada on some tired old machines with some tired old compilers. I go
straight to cs.nyu.edu via ftp, turn on the binary flag, and download
the Solaris version. It ungzips and untars nicely and installs and
runs. 

Now, I examine the compiler for things like how well it parses our
code, how much memory it needs for our big packages etc. I report back
to my managers.

Now, of course ACT has new and better stuff up its sleeve, so of
course my conclusions aren't definitive, but are my managers supposed
to think I'm a fool for paying any attention to that "unsupported
public version"? Well in my case I tell them "we really should use the
wavefront from ACT off their customer site" and the response is the
(slightly surprising) "no we'll use the public version, we don't want
to be guinea pigs for anything not publically released yet unless we
really need to".

>  
> > Fair enough. But if I download this new p version and have a problem,
> > it shouldn't be hard to verify my version.
> 
>    Have you had a problem?  I certainly have had bad downloads, but no
> difficulty in determining that the problem was just that...


No, that's the point. I've never had a problem. Or perhaps I should
say I never did have a problem when this stuff was my job (the above
is only hypothetical because it's ancient history).

>      They can reliably transmit a known version to you.  What RBKD is
> saying is that the version you pick up off the web without any
> involvement by ACT is not reliably transmitted, and I can't understand
> why you find that amazing.  ACT is very good at insuring that the
> version they send you is appropriate for your system.  If you want to
> install the Solaris version on your PC, it won't work, it is not their
> fault, end of story.  Also if you decide to build GNAT from source for a
> currently unsupported system without ACT's help, they do not guarentee
> the result in any way, but they are quite willing to let you do so.  If
> you want to do that, and add an MD5 signature to the version you
> prepare, go ahead.

What he's saying seems to be true if you accept that the public
versions of GNAT are not really publically available at all, since you
can't get them from ACT and anywhere else is just some unconnected
random friendly bit bucket. I don't think this is true of cs.nyu.edu.

> 
>      Well maybe not end of story.  You have to understand what RBKD was
> saying.  He was NOT saying, if you want to be sure of getting our
> version of GNAT, you must pay.

That is precisely the implication that I perceived. How can I get the
public version of GNAT? Well not from ACT, and if this explanation
that I'm perhaps still not understanding is to be believed, not from
anywhere else either since you can't get public GNAT from ACT without
telling sales@gnat.com that you're a potential sale. Well since I'm no
longer in the Ada business at all whatsoever, I won't be able to
afford any level of ACT support, plus I wouldn't mislead their sales
people, so I guess it's impossible for me to get an authentic version
of the public release of GNAT 3.12. Oh well.


>  He was saying that the support given to
> POTENTIAL customers by sales@gnat.com often makes the difference in a
> company's compiler choice.  If you are trying to choose between
> supported compilers, compare the supported GNAT product to their
> competitor's supported product, or even to the unsupported version of
> GNAT.  The "handholding" can, and often will, make a big difference. 
> For example, if your company has Ada 83 legacy code and you are moving
> to Ada 95, they can help, in some cases by providing a special compiler
> version, to make it easy to get the existing code into GNAT style
> libraries and still or back under your version control system.  This is
> why he is saying you should compare apples to apples.

I know all this very well. I know how ACT's support compares to other
vendors. I know what some other vendors said about GNAT. The one thing
I don't like and don't understand is why there isn't a
/pub/unsupported on ftp.gnat.com with anonymous access and all the
publically released files.

I mean, I even made the bad mistake of trying to defend the ACT way
against unfounded criticisms from a very upset unsupported GNAT users,
and yet I don't see how this particular point meshes with ACT's happy
espousal of RMS's ideas.

>     On the other hand, if you intend to compare the free version to some
> other compiler, go ahead.  But understand that it is not the product
> that ACT is selling.  The support from ACT is very good, and that is one
> of their major selling points.

But it's the same compiler!!!!!!!

Perhaps there are so many people who don't assume in any comparison
that all tools must have been successfully installed and their full
documentation is at hand before any comparison is worth anything, that
the installation and getting started handholding is a huge issue. From
my point of view, however it was fairly clear how the competing
products stacked up even using the completely unsupported GNAT
releases from cs.nyu.edu. Even they were better, and that's the
point. 

It's all rather moot for me anyway (that's the colloquial usage
meaning "irrelevant", I know RBKD doesn't like that usage, sorry). I
use GNAT at home for my own projects perfectly well. I don't use Ada
at work, so I'm not terrified of the Ada cabal. Not that there is one.

Perhaps people still in the trenches would like to comment?

Chris
-- 
Chris Morgan <cm at mihalis.net>                  http://mihalis.net
    "O gummier hum warder buffer-lore rum 
     Enter dare enter envelopes ply"