DEC
23
2003

Property Syntax Revised

Since I wrote the last entry about properties, the comments and Groovy changed my mind about the property syntax:

DEC
22
2003

Programming-by-contract in C-based languages

I do not know much about Eiffel (and I can't stand its Pascal-like syntax...), but the Eiffel feature that I like is design by contract. Design by contract means that function interfaces, the APIs, are seen as a contract between the creator and the user. In most languages this contract is mostly written down in the documentation. Eiffel has them written in the source code. It is also possible to do this in a language like Java, but Java's syntax needs a small modification to make this really comfortable.

DEC
20
2003

Resource management in garbage collecting languages

One of my favorite C++ features is resource management with stack-allocated objects. It can hardly get more convenient than writing

DEC
18
2003

Property syntax

Today I realized that the property syntax of in all C-based languages sucks. Lets a assume a very simple class called 'SubString' that describes a fragment of a string and has two properties: its length and the index of the first character of the string. The class implementation has two field members, one containing the first character's index, and the other the index of the first character after the string. One problem is that there is no field member corresponding to the second property. This is what I call a virtual property. In this simple example there is no real reason for having a virtual property, but in reality this happens quite frequently when you want to expose a value of an aggregated object.
Let's try to implement this in Qt/C++, Java and C#.

DEC
16
2003

Thought Experiment: XML integrated into a C-like language

In recent days I made the following thought experiment: how can XML processing be made easier by integrating XML support into a Java/C#-like programming language.

I created the code snippet below to try out what such a language could look like. The syntax of this theoretical language:

DEC
13
2003

The Linux platform and modern GUI-based operating systems

During the last years I encountered a number of problems in the Linux platform's architecture that cause problems for GUIs on top of it. When I say 'the Linux platform', I refer to the Linux kernel, glibc and the common GNU and Linux tools, but not X11. I also ignore distribution-specific solutions for the problems. In general the lack of a tool is not a real problem for me, it just is some work that needs to be done. I am talking about the architecture, problems that can not be solved without incompatibilities or at least a lot of work. A 'modern GUI-based OS' is, for me, a OS that does not require a user to know or use a command line tool, even for rare system-administration tasks. That does not mean that it should be impossible to work with the command line and a text editor, but the command line must not be the only way to do an administration task.

DEC
4
2003

Why the attacks on Debian and Savannah were possible (and more will follow)

In the last two weeks servers of Debian, Savannah and Gentoo have been compromised, as you probably noticed. And they won't be the last ones. Many people brag about the security of free software, but I have never seen a single technical reason why free server systems should be more secure. The only reason why there are fewer worms is that there's more fragmentation and the users are more experienced. It's easier for a worm to spread when 50% of the Internet's computer are binary compatible rather than only 0.1%. But when an attacker wants to attack a specific server, a Linux or OpenBSD server is not more secure than a Windows or MacOS server. This year there were exploits in the Linux kernel, Apache, OpenSSL, thttpd, MySQL, Samba, CVS, OpenLDAP, ProFTPd, Sendmail, PostgreSQL, Kerberos, rsync, CUPS, lsh and OpenSSH. Most of these exploits can be used by an attacker even without having an account on the server. In other words, you will hardly find a single server that has not been vulnerable for some time this year. Even worse, it's highly unlikely that those were the last exploits to be found, so you are still vulnerable after patching them. It's just a matter of time until an attacker finds the exploits.

NOV
16
2003

What do users want?

The main problem is to find out what users want. Did you know whether users will like Expose or they will use KXmlRpc before they have been implemented? I don't think so. Did users ask for Expose? Unlikely. Can we know whether WinFS's way of searching files with meta-data queries will replace today's file systems? No. All I know is that it sounds useful, and that if it is a success KDE will look pretty outdated with its file dialogs.

NOV
15
2003

Basing the future of free software on cloning the competition

OSNews has a poll and discussion about integrating Mono into Gnome. As KDE may face a similar decision at some point in the future - what to do when KDE's technology is not competitive anymore - I thought i write my thoughts down in my blog instead of the OSNews forum.



OCT
22
2003

Security and the much needed unification of servers

Today news sites repeated the monthly Microsoft execute says "Linux is insecure" articles. And while they are comparing apples with oranges (as Linux distributions ship with far more servers and network services than Microsoft offers), it's hard to deny the fact that Linux is also insecure. Essential and security critical packages like OpenSSH, LSH and OpenSSL had exploits in the last weeks and this should have convinced the last conservatives that it is not possible to write a complex server in C without having a remote exploit per year. All these exploits were caused by manual memory management that is relatively hard to avoid in C. But that's not even the point that I want to make, you can also have security problems in other languages. What free software (and also the proprietary competition mostly) lacks is a way to make securing your computer easy.

Pages