rdware what the Chinese syllable-writing system is to a proper phoneme-base d alphabet, but the Chinese are still using their hard-to-remember syllable symbols. "C" seems to be more nearly adequate as a computer language. "Lin ux" is more a social movement than anything else, but some social movements do last, particularly when they perform a service that people need.
Perhaps not, but it certainly isn't alphabetic.
times
Tone languages do offer extra routes to disambiguation, but English isn't h omophone free either. We cope.
You just need a good macro assembler and a suitable macro set. From the DECUS 1977 tape
formatting link
Abstract: MACRO-11/SP is a set of MACRO-11 macros which provides a concise, comprehensive set of control structures for assembler programs. The facilities provided are IF...ELSE..FI, LOOP..REPEAT, CASE...CASEND, PROC...END and CALL.
I assume this refers to the same macro set that at the times was known as Macro-11 Plus.
I wrote several programs with this macro-set and very rarely needed some explicit branch instructions (GOTOs). The only problem was that the macros were so complex that it took a long time to compile.
Later on, I also wrote a similar macro set for the VAX.
It is interesting to note that someone freaks out like this. even if It has been decades since the worst coding wars.
After all, the structured language constructs are just syntactic sugar
formatting link
for GOTOs and labels:-).
Some languages have better syntactic sugar than others. Some languages have the ability to name loops and then it is possible to exit from a deeply nested loop to some outer level.
Some languages from the 1970's had a mechanism to put named error handlers at the end of the function and then 'escape' to the error handler, without using that "horrible" GOTO keyword. This construct allowed to keep the main program logic clean, without spreading error handling within the main program logic.
From those days, I do not know of any languages that would have had a true exception handler. However, the VAX/VMS had from the beginning (1975) a system level exception handler mechanism. For instance after a divide by zero, the exception handler could set a desired result (say MAXINT/(MININT) and continue execution from the next instruction or unwind the stack to some outer level procedure exception handler or if no outer level exception handler had been defined terminate the program by unwinding the stack to the OS.
Regarding "spaghetti code" it is easily created, if there are no suitable loop constructs to replace backward GOTOs. Even Fortran IV had the DO-loop, so this was a handy way of handling backward jumps. IMHO using GOTOs for only forward jumps helps readability a lot.
Not totally. Someone could clandestinely install a communication device, or clone modify & swap the SSD/HDD etc. In espionage situations there can be motivation to do that. Or on a more common level, a disgruntled employee or bored kid.
That would, perhaps, be a "process". But it is not a sensible process.
You start with a design with no /known/ vulnerabilities that you can practically and economically avoid. You include an understanding of the ones that you know still exist, but cannot reasonably block. You include appropriate ways to handle the situation when new vulnerabilities occur (such as having a way to update the software, or warn users, or help users inform you about problems).
And your process from there involves identifying and reacting to security problems (and any other problems) as they are discovered.
I expect we will be using them for a good while yet. Why?
You trick the software into writing beyond the end of a buffer, thus overwriting data in a way the program is not expecting, and using this to influence the running of the code.
If the buffer is on the stack, this can include writing over the function return address pushed on the stack - thus letting you jump to code at the address you specify.
It does not need the code segments to be writeable - indeed, that would typically be irrelevant since the buffer you are overflowing is not in the code segment to start with.
It does not need the data segments to be executable, but sometimes that could be helpful to the attacker (by putting executable code into the buffer before then changing the function return address to point to the new code).
Most often it is just a denial of service attack - you mess up the running of the program. That is particularly the case when you have, as most modern OS'es do, address space randomisation. You can rarely get the program to jump to somewhere useful to the attacker, but you can usually provoke a crash or fault.
Buffer overflows occur through simple bugs in the code, and are usually simple to avoid by being a little careful in your coding.
And with enough imagination and a wide enough definition of "security" and "remote attack", pretty much everything is vulnerable. Your kettle might have just one switch and no electronics (never mind any software), but if people can cut the electricity supply to your house then it is still vulnerable to remote denial of service attacks.
The problem with "goto" is that it is very easy to abuse and produce spaghetti code - it is too flexible. More nuanced programmers accept that sometimes "goto" can be the best choice of code flow control, but those occasions are rare. They are particularly rare in languages with rich alternatives for code flow.
Nonsense. Event-driven and state machine code are not uncommon in high reliability code - they occur in many types of coding. And high reliability code can have many types of structures and code flow. One thing it does not have, however, is more than very, very occasional gotos.
When writing provable code, "goto" is something you would usually avoid. It makes it extremely difficult to prove the effects of the code, compared to loops, recursion, or other structures.
I never thought of a kettle as being vulnerable to a DoS attack before. Motivation might be lacking though. Someone tried to secure to this one against such attacks:
1) I think the discussion makes no sense, goto is just fine.
2) as soon as you move towards higher level languages like C and upwards there are many very serious problems.
Let's have an example Single chip RS232 remote controlled storage oscilloscope implemented in a PIC 18F14K22
scope.asm is 9486 lines of asm, well divide by 2 at least for comments and empty lines for clearity.
The fun thing is when I wrote that, the 18F14K22 was sorta new to me and I had not _really_ bothered to read the instruction set, later I found it also had a 'bra' instruction, relative jump, so I could have saved some space and maybe increased speed and added more features in the 8 k words / 16 kB code space.
Now you all in you f*cking high level languages may or may not be able to write that in that code space.. with or without goto. Personally I would not even try in C and forget about any other languages.
An other fun thing is the 'skip if ' in PIC asm. skips the next instruction (that could be a jump or call) if is met,
All that d*mn filosphy here about the work of dickstar who obviously was no coder and about security by non-hackers, what a waste of time. Write some code, publish it, see that it works so others can use it prove the idiot wrong with gotoes ;-) or follow his religion.
In this newsreader,
formatting link
written in C also downloadable from my site, not a single goto. Dijkmans would be so happy, but could get strangled in the linked lists I'm sure. So, it is a bit like religion, every body has one and everybody is right. That poor dijkstraw could not remember more than 1 label is HIS problem, and should not dictate how others code.
LOL
And all your 'high' level languages and compilers in the end create gotos.
The reason things are bloated these days is coders using those high level languages who have no clue about hardware, and use library on top of library on top of library needing 10 MB code to say 'hello world'. And many of those, for example creating websites with those tools, have not the slightest inkling about logic, are not capable of logic thinking, and create a world of rubbish.
Huge projects like for example the tax system here, millions put into it, failed. It becomes a money sucking operation and the managers are either idiots and / or do not know the basics of computing, or see it as their job to makes the things as expensive as possible and suck the most money from the taxpayer that is. Same for US military projects like for example F35, useless joke of no value in a real war. US warships dead in the water because windows cashed... Was it caused by gotos
On Dec 31, 2018, snipped-for-privacy@nospam.org wrote (in article ):
Actually, gotos were not the root cause. Which you knew.
It was stupider than that, someone down in the Engine Room accidentally entered a zero (by a fat-finger error) in a database field on pump flow or capacity or something, crashing the badly-written statistics database, which in turn took the local operating system down, which in turn brought the shipboard LAN down, which in turn caused all attached computers to hang. They had to reboot the entire ship and bring it back up one system at a time; this is what took about three hours.
There was a lot about this in The Risks Digest in 1998 as well: .
========================== ============ From a presentation I made in 2004:
o For almost three hours in September 1997, the Yorktown, a billion-dollar Aegis guided-missile cruiser, drifted helplessly off Cape Charles, VA, without propulsion, steering, weapons, or sensors, all due to a crash in a Windows-NT client, which took the entire shipboard LAN and connected computers down with it (Ref: "Was it Windows or Human Error", WSJ 27 Aug
1998, page B6)
- If this had happened in a storm or during a battle, or far from home, ship and crew could have been lost. Many naval battles have been lost and/or ships sunk simply because a ship's rudder jammed. A dead propulsion system is far worse.
o The Yorktown was the prototype IT-21 "SmartShip"
- In January 2001, the Smart Ship program died of injuries received in the Yorktown Incident (Ref: "Navy postmortem tries to pinpoint what went wrong with the 'Smart Ship' ", Edward J. Walsh, Military& Aerospace Electronics
formatting link
page 1 of the March 2001 issue.)
- OACE has apparently taken over the realtime mission, and the IT-21 name survives for shipboard office automation applications only (OACE = Open Architecture Computing Environment) o The fundamental problem was the inappropriate use of a desktop operating system for an application that is both mission-critical and safety-critical
- Civilian Air Traffic Control systems have since the 1970s or 1980s had full fault tolerance, with tenth-second recovery times. Warships should be able to do at least this well.
- A traditional two-box solution, with a standard RTOS controlling propulsion et al in one set of boxes and NT in a different set of boxes, communicating via standard Internet protocols on the shipboard LANs, would have allowed the Yorktown to sail on unaffected while Windows was being brought back up.
o For safety-critical applications, Windows NT/2000/XP or its successors may never suffice, and/or be accepted by the relevant safety review boards
End of 2004 presentation.
========================== =========
During the rise of the IT-21 program, pointing out the folly of useng a desktop operating system for things like sensors, weapons, combat systems, et al would cause significant career damage, so most people bided their time. After the Yotktown Incident, the direction of career damage abruptly reversed.
What replaced Windows for embedded realtime was the traditional two-box solution, but using Red Hat Enterprise Linux plus a real RTOS kernel like VxWorks. Many FPGAs have a mini Linux inside. And so on.
And there are now two physically isolated LANs, one (usually redundant) for the combat system et al, and the other for admin tasks (where Windows boxes are used).
Or use the HDD or SMC or PMIC or various other peripherals to store information or run code. Basically everything contains Flash and a microcontroller, nowadays, and can be updated via drivers.
Remember, your "computer" is actually dozens of CPUs (equivalent to maybe
60s-70s era supercomputers/mainframes), supporting typically two supercomputers (as such were in the mid-90s or so).
It is not at all unreasonable for, say, the NSA to obtain a manufacturer's keys, craft a custom driver to be distributed to a target (say by MITM'ing Windows Update servers), and having that implant persistent monitoring and reporting code inside some "hardware" device, independent of OS, hard drive or a lot of other things.
I think they tend not to do that, exactly. AFAIK, they have the authority to obtain keys, but it's rather a nuclear option as far as burdening manufacturers with the knowledge that their whole distribution chain is now not quite theirs. Hence the preference for physical implant devices and existing vulnerabilities.
It has happened before -- there have been two virus attacks where a Microsoft key was stolen or cracked, and malicious software distributed via Windows Update, IIRC.
Ah, but the rise of the European empires only really got going once tea and coffee were introduced to Europe--kettle DoS is obviously a nefarious plot to overturn Western civilization. ;)
Cheers
Phil Hobbs
--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC / Hobbs ElectroOptics
Optics, Electro-optics, Photonics, Analog Electronics
Briarcliff Manor NY 10510
http://electrooptical.net
http://hobbs-eo.com
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.