digitalmars.D - Security Report on D (NET-255)
- Gold Dragon (19/19) Sep 16 2004 I was hoping you guys would write the report for me... there may be some...
- Arcane Jill (7/11) Sep 16 2004 Please could you be more specific in your question. It's a little too va...
- Sigbjørn Lund Olsen (13/19) Sep 16 2004 The answer isn't really that dangerous:
- Sean Kelly (7/11) Sep 16 2004 The obvious issue that comes to mind is buffer overrun attacks (since th...
- Arcane Jill (13/26) Sep 16 2004 Yes, I thought the original poster might have been referring to buffer o...
- Rex Couture (17/20) Sep 17 2004 Neither does C, but I'll bet just about every buffer overrun, every memo...
- Walter (12/18) Sep 17 2004 leak,
- Rex Couture (2/6) Sep 17 2004 Thanks. That is a vast improvement.
- Sean Kelly (5/13) Sep 17 2004 D does array bounds checking, which is a significant step in the right
- Rex Couture (6/7) Sep 17 2004 I was hoping for something more like total erradication. Arcane Jill ju...
- Sean Kelly (9/16) Sep 17 2004 Thing is, any systems programming language will let the programmer do al...
- Gold Dragon (4/9) Sep 17 2004 Thanks Sean,
- Matthias Becker (9/16) Sep 18 2004 Sorry, I don't get it.
- Gold Dragon (17/36) Sep 20 2004 I will reiterate and explain better what I'm trying to say. I'm comparin...
- Arcane Jill (7/12) Sep 21 2004 Not wishing to sound rude, but it's generally considered bad practice to...
- Gold Dragon (4/11) Sep 25 2004 Nah, not to offensive and completely understood. Ha ha, ah damn.
I was hoping you guys would write the report for me... there may be some money involved. I'm just kidding. Actually, what I want is to know from the experience of people writing D how you liked/disliked it. Also I need to post questions since the only documentation is on the Mars D site and Wiki D so I'm kind of limited in articles and resources. There is a wealth of information on both sites but I may need some information not on the sites. Citation is going to be a bitch indeed.

The way I'm going to write the report is on the "unique" features that D has:

Design by Contract
Template Syntax
Built-in Garbage Collector
Others...

Perhaps also go into advantages/disadvantages over .NET (there are some articles already on newsgroup that may help me). Another topic that I have to do since it is a security class, is well, security. How can you secure D from hackers, reverse engineering (if it is possible), and how D can be used to create viruses. I could just half ass this topic depending on how much space I need to fill, since most are applied to most languages anyway.

Thanks,
Jacob Santos
Sep 16 2004
In article <cibpov$2ejf$1 digitaldaemon.com>, Gold Dragon says...
> How can you secure D from hackers,

Please could you be more specific in your question. It's a little too vague to be meaningful, right now.

> reverse engineering (if it is possible),

Reverse engineering is /always/ possible, in any language.

> and how D can be used to create viruses.

Even if I knew the answer to that question, it would be highly irresponsible of me to answer it.

Arcane Jill
Sep 16 2004
Arcane Jill wrote:
> In article <cibpov$2ejf$1 digitaldaemon.com>, Gold Dragon says...
>> and how D can be used to create viruses.
> Even if I knew the answer to that question, it would be highly irresponsible of me to answer it.

The answer isn't really that dangerous: The same as any other high-level general-purpose language. One could however argue that due to the footprint of any D program being considerably larger than the footprint of a hand-assembled one, it'd have a great deal more difficulty propagating and escaping detection.

And in the end, virii are caused by gargantuan architectural flaws in the security model used by most modern operating systems. That an executable should be capable of editing every file on the HD *just* because the logged-in user can is preposterous. It's fairly depressing there exists a market for anti-virus software.

Cheers,
Sigbjørn Lund Olsen
Sep 16 2004
In article <cibvum$2ibb$1 digitaldaemon.com>, Arcane Jill says...
> In article <cibpov$2ejf$1 digitaldaemon.com>, Gold Dragon says...
>> How can you secure D from hackers,
> Please could you be more specific in your question. It's a little too vague to be meaningful, right now.

The obvious issue that comes to mind is buffer overrun attacks (since they're such a hot topic these days). D has built-in support for dynamic arrays and offers string.format (which can resize the buffer if needed) instead of sprintf, both of which reduce the likelihood that an average program will be written in such a way that buffer attacks are possible (compared to C/C++).

Sean
Sep 16 2004
In article <cic9hi$2oaa$1 digitaldaemon.com>, Sean Kelly says...
> In article <cibvum$2ibb$1 digitaldaemon.com>, Arcane Jill says...
>> In article <cibpov$2ejf$1 digitaldaemon.com>, Gold Dragon says...
>>> How can you secure D from hackers,
>> Please could you be more specific in your question. It's a little too vague to be meaningful, right now.
> The obvious issue that comes to mind is buffer overrun attacks (since they're such a hot topic these days). D has built-in support for dynamic arrays and offers string.format (which can resize the buffer if needed) instead of sprintf, both of which reduce the likelihood that an average program will be written in such a way that buffer attacks are possible (compared to C/C++).

Yes, I thought the original poster might have been referring to buffer overruns. Well then, D allows you to write low-level code, with the potential for low-level bugs. There is nothing to stop you, for example, calling the C function gets() - (voilà - instant bug; instant security hole!).

It could be argued that the only way to avoid buffer overruns is to use a language which prohibits them, such as Java. However, just because D /allows/ you to write scary code, it doesn't /force/ you to do so. It's a systems programming language, with all the risks and responsibilities that go with that.

Perhaps the bottom line is that if you're going to write a security app, you'd better know what you're doing. D does not claim to protect you from your own errors, and when it comes to security, every error is a potential hack-route.

Arcane Jill
Sep 16 2004
In article <cie0th$ol8$1 digitaldaemon.com>, Arcane Jill says...
> It could be argued that the only way to avoid buffer overruns is to use a language which prohibits them, such as Java. However, just because D /allows/ you to write scary code, it doesn't /force/ you to do so.

Neither does C, but I'll bet just about every buffer overrun, every memory leak, and every faulty commercial program was written in C or C++. Somehow, these programs always rear their ugly heads and threaten my data at crunch time.

I really think you're missing a fantastic opportunity here. If I were to read that a program were written in a nice, simple language that absolutely prevents "scary" errors, I would definitely give it a second look. For any critical use, if I had a choice, I wouldn't even consider a program that had any possibility of memory violations.

Yes, I know, you say you don't have to use the scary features (but claim that they are essential nonetheless). That's not the point. The point is that C programmers like these and will probably use them. Lacking strong evidence to the contrary, from bitter experience I just assume that every program I buy is full of such bugs.

If you must retain unsafe features in D, you could at least isolate them to an unsafe system library. If that library is not used, you could then certify the program as safe.
Sep 17 2004
"Rex Couture" <Rex_member pathlink.com> wrote in message news:cif54l$23ig$1 digitaldaemon.com...
> Neither does C, but I'll bet just about every buffer overrun, every memory leak, and every faulty commercial program was written in C or C++. Somehow, these programs always rear their ugly heads and threaten my data at crunch time. I really think you're missing a fantastic opportunity here. If I were to read that a program were written in a nice, simple language that absolutely prevents "scary" errors, I would definitely give it a second look.

The difference here is that to prevent buffer overruns in C, *extra* work is necessary on the part of the programmer. With D, one has to do extra work to get a buffer overrun. This pattern is fairly consistent: while D maintains the ability to use scary features, using them usually means the programmer has to do extra work, whereas the C programmer has to do extra work to avoid the problem.
Sep 17 2004
In article <cif9iv$2c1g$1 digitaldaemon.com>, Walter says...
> ...With D, one has to do extra work to get a buffer overrun. This pattern is fairly consistent: while D maintains the ability to use scary features, using them usually means the programmer has to do extra work....

Thanks. That is a vast improvement.
Sep 17 2004
In article <cif54l$23ig$1 digitaldaemon.com>, Rex Couture says...
> Yes, I know, you say you don't have to use the scary features (but claim that they are essential nonetheless). That's not the point. The point is that C programmers like these and will probably use them. Lacking strong evidence to the contrary, from bitter experience I just assume that every program I buy is full of such bugs. If you must retain unsafe features in D, you could at least isolate them to an unsafe system library. If that library is not used, you could then certify the program as safe.

D does array bounds checking, which is a significant step in the right direction. I'm pretty sure the only means to cause a buffer overrun in D is to use pointers, which I expect to be quite uncommon in typical D programs.

Sean
Sep 17 2004
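
Added example, not part of the thread: a small D program contrasting the bounds-checked slice index with the raw-pointer index discussed above, and showing the compiler rejecting the pointer form in `@safe` code. It assumes a current D2 compiler (the thread predates it); the function names and the sample buffer are constructed for illustration.

```d
// Added illustration, not code from the thread. Assumes a current D2 compiler
// (dmd or ldc) invoked without -release or -boundscheck=off.
import core.exception : RangeError;
import std.stdio : writeln;

// Checked path: a slice index is compared against the slice length at run time.
bool indexIsRejected(int[] view, size_t i)
{
    try
    {
        view[i] = 42;
        return false;          // the write was in bounds
    }
    catch (RangeError)
    {
        return true;           // the out-of-bounds write was stopped
    }
}

// Unchecked path: a raw pointer carries no length, so nothing is compared.
// This is the "extra work" needed to get an overrun in D.
void writeThroughPointer(int* p, size_t i, int value) @system
{
    p[i] = value;
}

// Pointer indexing is refused in @safe code; slice indexing is accepted.
static assert(!__traits(compiles, (int* p) @safe { p[1] = 0; }));
static assert( __traits(compiles, (int[] a) @safe { a[1] = 0; }));

void main()
{
    int[8] backing;                 // constructed sample buffer
    int[] view = backing[0 .. 4];   // slice exposing only the first four ints

    assert(!indexIsRejected(view, 3));  // in bounds
    assert(indexIsRejected(view, 5));   // past the slice: RangeError
    assert(backing[5] == 0);            // memory outside the slice untouched

    // Same index through the raw pointer lands in backing[5]: outside the
    // slice, but deliberately still inside the 8-int buffer for this demo.
    writeThroughPointer(view.ptr, 5, 7);
    assert(backing[5] == 7);
    writeln("slice index checked; pointer index not checked");
}
```
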
In article <cifa5f$2d3u$1 digitaldaemon.com>, Sean Kelly says...
> ...which I expect to be quite uncommon in typical D programs.

I was hoping for something more like total eradication. Arcane Jill just gave us one simple scenario how such security holes will get in. I'm confident that someone somewhere is going to use some treacherous C code or do something equally dumb. D is a good start, but keep thinking security. :-)
Sep 17 2004
In article <cifc0g$2gln$1 digitaldaemon.com>, Rex Couture says...
> In article <cifa5f$2d3u$1 digitaldaemon.com>, Sean Kelly says...
>> ...which I expect to be quite uncommon in typical D programs.
> I was hoping for something more like total eradication. Arcane Jill just gave us one simple scenario how such security holes will get in. I'm confident that someone somewhere is going to use some treacherous C code or do something equally dumb. D is a good start, but keep thinking security. :-)

Thing is, any systems programming language will let the programmer do all sorts of evil things if he really wants to. I think Walter's approach is the correct one in that it makes such things a bit more complicated so such practices will tend to be restricted to places where they're actually needed. Needless to say, the easiest way to prevent buffer overrun attacks is to use the code/data flags provided by modern processors. But then a clever systems programmer may want his data segments executable :)

Sean
Sep 17 2004
> The obvious issue that comes to mind is buffer overrun attacks (since they're such a hot topic these days). D has built-in support for dynamic arrays and offers string.format (which can resize the buffer if needed) instead of sprintf, both of which reduce the likelihood that an average program will be written in such a way that buffer attacks are possible (compared to C/C++).

Thanks Sean,

The teacher was talking about buffer overruns and Linux has them also. If Linux could be remade in D then it would solve some problems. I doubt the likelihood of that ever happening but okay. It is an advantage of D that I can discuss either in the report or in the Presentation.
Sep 17 2004
> The way I'm going to write the report is on the "unique" features that D has:
> Design by Contract
> Template Syntax
> Built-in Garbage Collector
> Others...

Sorry, I don't get it. Design by Contract isn't unique to D. Eiffel had it _LONG_ before D (IMHO that's where D has "stolen" it from, but I'm only guessing, as there are so many languages that have DbC built in, like Sather, ...). A Garbage Collector isn't unique, either. Most languages actually have one.

> Perhaps also go into advantages/disadvantages over .NET (there are some articles already on newsgroup that may help me).

.NET is a language independent platform, D is a language. So you compare two things that have nothing in common. There actually is a project called D.NET, which brings D to .NET.

-- Matthias Becker
Sep 18 2004
I will reiterate and explain better what I'm trying to say. I'm comparing C and C++ when I speak of D as they are fairly close. The uniqueness is that neither have some of the features built in to the languages. I probably won't go into the history of languages that had the features before because I feel it is outside the depth of the report. If I went into explaining which languages had the features first and how they worked then I would have about a 30 paged report (hyperbole but you see the point?).

wrote .NET so it was are fairly close, feature wise. I won't be comparing it to Java either, the teacher pretty much hates the Microsoft so I can get some kiss-ass points from bashing poor, helpless Microsoft.

If you like, I can post the report to the newsgroup and you can correct any mistakes I will make. It would help me out in editing the thing. My teacher isn't going to know enough to correct any mistakes I make... but he also won't know that there were any mistakes. I'm not the best writer so there will be grammar mistakes and some sentences will most likely suck but I won't need help with that, at least not from here.

I should probably make this OT...

Jacob Santos

> Sorry, I don't get it. Design by Contract isn't unique to D. Eiffel had it _LONG_ before D (IMHO that's where D has "stolen" it from, but I'm only guessing, as there are so many languages that have DbC built in, like Sather, ...). A Garbage Collector isn't unique, either. Most languages actually have one.
>> Perhaps also go into advantages/disadvantages over .NET (there are some articles already on newsgroup that may help me).
> .NET is a language independent platform, D is a language. So you compare two things that have nothing in common. There actually is a project called D.NET, which brings D to .NET.
> -- Matthias Becker
Sep 20 2004
In article <cing4v$44a$1 digitaldaemon.com>, Gold Dragon says...
> If you like, I can post the report to the newsgroup and you can correct any mistakes I will make. It would help me out in editing the thing. My teacher isn't going to know enough to correct any mistakes I make... but he also won't know that there were any mistakes. I'm not the best writer so there will be grammar mistakes and some sentences will most likely suck but I won't need help with that, at least not from here.

Not wishing to sound rude, but it's generally considered bad practice to get a newsgroup or forum to do your homework for you. I think we're all happy to help out with opinions and information, but if you're going to get a better grade than your classmates, it should be because /you/ did the work.

Jill

(Apologies if I was way off the mark - hope that wasn't too offensive).
Sep 21 2004
Nah, not too offensive and completely understood. Ha ha, ah damn.

I'm going to post back when I write the paper... which has to be soon. It would be cool to get opinion on the thing because the people in class are zombies. Last report... ah that story is for another time (Disclaimer: I'm never going to tell the story and I doubt that anyone cares to hear it).

> Not wishing to sound rude, but it's generally considered bad practice to get a newsgroup or forum to do your homework for you. I think we're all happy to help out with opinions and information, but if you're going to get a better grade than your classmates, it should be because /you/ did the work.
> Jill
> (Apologies if I was way off the mark - hope that wasn't too offensive).
Sep 25 2004