From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2001-08-03 11:06:11 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!news.tele.dk!194.213.69.151!news.algonet.se!newsfeed1.telenordia.se!algonet!newsfeed1.funet.fi!newsfeeds.funet.fi!uio.no!ntnu.no!not-for-mail From: randhol+abuse@pvv.org (Preben Randhol) Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. Date: Fri, 3 Aug 2001 18:06:10 +0000 (UTC) Organization: Norwegian university of science and technology Message-ID: References: <3b690498.1111845720@news.worldonline.nl> <9kbu15$9bj@augusta.math.psu.edu> <3b6a453c.1193942215@news.worldonline.nl> <9keejl$fhj@augusta.math.psu.edu> NNTP-Posting-Host: kiuk0156.chembio.ntnu.no Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Trace: tyfon.itea.ntnu.no 996861970 13637 129.241.83.82 (3 Aug 2001 18:06:10 GMT) X-Complaints-To: usenet@itea.ntnu.no NNTP-Posting-Date: Fri, 3 Aug 2001 18:06:10 +0000 (UTC) User-Agent: slrn/0.9.7.1 (Linux) Xref: archiver1.google.com comp.lang.ada:11242 comp.lang.c:71952 comp.lang.c++:79757 comp.lang.functional:7268 Date: 2001-08-03T18:06:10+00:00 List-Id: On 3 Aug 2001 11:05:25 -0400, Dan Cross wrote: > Is one's convenience, or some modicum of additional speed, really worth > the risk? A parallel can be drawn to software. We often hear people > saying, ``oh, I don't want to deal with bounds checking because it'll > slow down my program.'' My answer to this is always, ``well, does that > matter? Does your program need to be that fast? And how much will it > really slow things down?'' Often, the answers are surprising mundane > and support bounds checking. I think that the old macho thinking is still lingering around. Like a car enthusiast want to have his head down in the engine all day changing screws etc to make the engine perfect, though never actually travel somewhere with it. A "real" programmer[*] won't fiddle with high level languages as his programs will not run as fast as if one did it in assembly or pseudo-assembly (read C). Never mind that it takes a lot longer to develope. I heard a story once about a computer project at a university. The students had a task to solve and they could choose their language. The girls mainly chose Lisp or some other high level language and got the task done quickly and efficiently returning working code. The boys mainly chose C and few actually managed to complete the task in time or at all. So I fear that sometimes the macho gets in the way of the solution. For other experience on this look at: http://www.acm.org/sigada/conf/sigada99/mccormick.html If an app uses 10 seconds more to startup or 5% longer to complete a task, where is the hurt? I am pretty sure that if you also put into the equation all that time that is spent after a program has crashed etc.. you will find that you don't loose time on software with better quality. Preben [*] Not a real programmer, only somebody who thinks "High level languages are for sissies, let me bit flick!" -- �Don't use C; In my opinion, C is a library programming language not an app programming language.� - Owen Taylor (GTK+ developer) Use Ada 95, a free language. More info at http://www.adapower.com/