31 July 2015, 13:00 #105
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Originally Posted by meynaf:
Anyway as I said earlier, it's pointless to have "security" when you have no risk of being attacked! We're in a market niche, remember.

Every time you miss or evade the point... you ask "how?" i answer how, and you object with a "why?" You ask "why?" i answer why, and you object with a "how" and round and round we go...

Talk of memory protection is irrelevant to my example about the Mr Beanbag website being hacked. That was hacked because we left the visitor comments section wide open because we didn't think anyone would have any motivation to hack it, so we didn't bother doing it "properly". We were wrong. Exactly HOW they did it is really not important. You asked WHY someone would hack such-and-such.

We're in a market niche, right. The whole point of this thread is about why we can't have an "amiga-like" system anymore, and the answer is that, insofar as you define "amiga-like" as having no security model whatsoever, no-one in their right mind would produce a new system like that.

Originally Posted by meynaf:
The compiler is responsible for only a small part in fact; it turns 20kb programs into 80kb programs maybe, but it won't turn 20kb into several Mb.
Bloatwares are so by bad programming design, it's not the fault of the compiler. Look at the sources that can be found online. Often i can rewrite them in asm with a lot less lines

Flat wrong.

I have written programs in C++ that do barely anything and the executable comes out in the 100s of kb. And let's look at the way Windows programs come bundled... the usual way is you bundle install all the DLLs the program needs along with the program, because the alternative is "DLL Hell". I know, it completely negates the entire point of a shared library, but nevertheless it is the norm on Windows, because it has no way to manage dependencies. Linux is better on this front.

And i have worked on commercial projects in C++ (do i have to keep repeating myself?) that are full of the sort of bugs that could compromise an unprotected system (segmentation faults to you and me), granted i do generally remove more code than i add but the number of lines of code is really not the problem, it is the interdependency between the various parts, and especially because we just don't know exactly what the user will do until we actually give it to them to use. Some of the bug reports that come back are incredible, "i did X and it crashed," and i'm sitting there with my head in my hands going "why... why did you do that?" Of course it still shouldn't crash in any case, but we can only test cases that we can anticipate.

Last edited by Mrs Beanbag; 31 July 2015 at 13:09.