Older blog entries for mrorganic (starting at number 262)

Well, it looks like Valve got pantsed in public. Some shitbird cracker broke their (ridiculously weak) network and downloaded the entire Half-Life 2 source-code base.

1. Whoever Valve's network admin is, he or she ought to be out of a damned job. This is just unconscionable.

2. The original exploit was via a buffer-overflow in Microsoft Outlook. How many times will people get burned by lousy Windows security before they learn?

3. Gabe Newell can take personal credit for fomenting this disaster. Using an internal machine to e-mail to fan groups, not taking appropriate measures to protect said machine, and waiting too long to take corrective action: bad enough for a home machine, almost criminal in a business enterprise.

4. Valve might be facing millions of dollars in lost sales due to this disaster, and it could very well mean the end of them. Among the source code they lost was stuff they had licensed from other companies. This makes them liable for losing not only their own IP, but other IP they didn't even own. I see lots of litigation coming out of this, especially as it seems Valve was negligent in protecting the sources.

Let this be a lesson, kids. Take security seriously.

Well, I got a copy of Borland's new CBuilderX Personal Edition. I'm not all that impressed. Basically, it's a Java-based IDE with support for a variety of backend compiler/debuggers. There's no GUI builder, no resource editor, and very little wizard support. (And what wizards there are generate bad default settings.)

Windows users will hate it, while Linux developers can use Eclipse or KDevelop and get exactly the same functionality with no hit to their wallets.

1 Oct 2003 (updated 1 Oct 2003 at 19:22 UTC) »

I got a visit from the hay-fever fairy, so I've been sniffling and fighting a sinus headache all day. Feh.


Most software is still written in Cobol or Visual Basic.

In Bizarro World, maybe. COBOL used to be the language of choice, and there's a lot of it still running, but I'd bet my watch and chain that not much new COBOL code is getting cranked out every year. I used to write COBOL stuff for banks, and almost all of them have transitioned to either client/server stuff (C++ on both ends) or web services (Perl, PHP, or Python).

Yesterday was Hardware Day. Not intentionally mind you, but the Computer gods decided to play some ugly tricks on me.

1. My main working machine, a homebrew Pentium III box, has a huge fan and power supply. Now, normally this fan sounds like the turbine of a Boeing 747 readying for takeoff. I've learned to ignore it. But yesterday morning the fan started warbling, and then buzzing, and then...ominous silence. Then I heard a pop and my screen went dark. Uh oh. (I'll save you the suspense -- the power supply croaked. Hopefully the motherboard is still okay.)

2. My Sun Ultra 10 machine also has something wrong with it -- it just reboots every so often with no warning. So I can't use that.

3. I did have an old Pentium II 233MHz machine moldering deep in my closet. It's an old machine that my wife used before I upgraded her to a homebrew Duron machine. I transplanted my two hard drives and 256MB of RAM into the machine and am at this very moment installing Red Hat 9.

If the motherboard in the Pentium III machine is truly dead, I might investigate getting a dual-cpu Opteron box. I've always wanted an SMP machine to fool with. This (and a new power supply, of course) will have to wait for a few weeks until my coffers are full again. So in the meantime I'll have to make do with the Frankenbox now sitting on my desk.


LOL that COM works badly with C++. Who wants to use that language anyway?

Jeezus, berend, what world do you live in? Name a major piece of software that isn't written in some variant of C (C,C++,Obj-C). I can only think of a couple, and they are mostly Java-based. And there's Zope, which is written in Python. (And an argument can be made that Java is simply another dialect of C.) And pointers may contribute to buffer overflows, but they also make libraries like the STL and BOOST possible. Don't knock these libraries if you haven't used them -- they are huge productivity enhancers if you use them correctly.

Just remember, pointers are like superhuman powers: with great power comes great responsibility!

But if you really dislike C/C++, you can go to Python -- it's a truly OO language, but is far better designed than, say, Java. It also works well as a "glue" layer in scripts, and it's in that role that I use it rather than Perl. You can write libraries in C and import them into Python with wrappers. In fact Python itself is written in C! (And so is Java, for that matter.)

Once you get beyond the edge tools, berend, almost everything on both Unix and Windows is written in either C or C++.

By the way: I wasn't saying that C++ was bad. My argument was that Microsoft crippled COM in its native environment (C/C++) to make it interoperate with braindead languages like VB (and Delphi!).

I have a birthday coming up, so I decided to take a few days off from work next week. I need the break.

As an extension to the screed I wrote about COM, I considered writing in more detail about software components in general. But this topic really requires a book-length treatment, and is resistant to the usual "bad or good" comparisons. I disagree with most popular implementations of components (like COM), but the concept is sound enough.

Good programmers know when to use a given tool or approach; mediocre ones tend to blindly follow "the rules" regardless of their applicability to a given problem domain. I've met lots of shake-n-bake C++ coders who claim to know how to use the STL, but are then flummoxed when I demonstrate common algorithms like accumulate and reverse. Or they are completely in the dark about basic things like overloading operators.

This is why I always emphasize craft rather than art to my junior programmers. You want to be an artist? If you lack the basic craft, you'll be a crappy artist anyway. Learn the basics. Don't get fancy, and don't rely too much on wizard-generated code. If you don't understand what a given chunk of code does, don't fool with it until you do. Use (but don't abuse!) comments. Make sure you're solving a problem rather than a symptom.

It seems to me that the whole programming world worries too much about abstract methodology when we should be worried about simple, nuts-and-bolts stuff like code quality and readability.

Not much to report today: just keeping an eye on a newly-deployed piece of software and fiddling around with the new release of wxWindows. wxWindows has several MFC-ish design elements that make me grind my teeth (message and event maps, for example), but is admirably capable in other respects. It's probably the best cross-platform C++ toolkit out there (yes, even better than QT).

I used QT for a time a few years back, and was not impressed. The type system was (and remains) an ugly and breakage-prone hack, and forfeits many of the type-safety features that C++ brings to the programming table. Without that, you might as well be using C (in fact, C is preferable in many ways since it is far less complex than C++).

If you crave type-safety, a sane C++ environment, and target only Linux/Unix boxen, then you may want to consider GTKMM, a C++ wrapper around GTK. It's far more type-safe than QT/KDE, and is a more compliant toolset to boot (it uses STL and the standard C++ library where possible, rather than reinventing strings, streams, stacks, lists, and so on).

24 Sep 2003 (updated 24 Sep 2003 at 12:25 UTC) »

Something deeply weird is going on with Advogato today: I tried to post a diary entry, my browser "went away" for a number of minutes, and then Advogato advises me that the site seems to be broken. I look at the current diary entry list, and my name is there -- but no diary entry!



COM is only "easy" in IDEs like Delphi and VB because an enormous amount of effort has gone into making wrappers and wizards to take the burden off the programmer. And still the essential defects of COM remain: it's about the poor design of COM.

Think for a moment about the humble BSTR, COM's string structure. It's basically a length-prefixed wide-character array. This was done to make brain-dead clients like Visual Basic happy, but at the expense of breaking C/C++, which considers a "string" to be a vector of characters (narrow or wide) terminated by a NULL. And this picture is further complicated by the fact that the OLECHAR* type in C++ is often used synonymously with the BSTR, when in fact they're very different (OLECHAR* values are not length-prefixed). But the COM APIs (being poorly designed) cannot really tell the difference between an OLECHAR* value and a BSTR.

In C++ especially, you run into all kinds of initialization/assignment issues, as well as heap/stack problems, due to the muddiness of the OLECHAR*/BSTR distinction.

This is a core design flaw in COM. C/C++ are the primary COM languages (through ATL), and yet Microsoft crippled a core data structure to support weaker clients! (And don't even get me started on the horrendously-cruddy SAFEARRAY and related API).

When you say COM is simple, you're only partly correct. In concept, yes, COM is simple. But in practice, it rapidly degrades into the stinking mess you see today because the design flaws are right at the center of what COM is: BSTRs, SAFEARRAYS, and the standard marshaller.
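The BSTR/OLECHAR* distinction from this entry, as an added example rather than code from the original post: a portable C model of the layout that uses no Windows APIs. `olechar_t`, `bstr_model_alloc`, `prefix_len`, `scan_len` and the sample data are hypothetical names and constructed values; the model assumes a 4-byte byte-count prefix immediately before the pointer and 16-bit characters.

```c
/* Portable model of the BSTR layout, no Windows APIs; all names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t olechar_t;   /* stands in for a 16-bit OLECHAR */
/* Allocate [4-byte byte count][chars][2-byte NUL]; return pointer to chars. */
olechar_t *bstr_model_alloc(const olechar_t *src, uint32_t nchars) {
    if (nchars > (UINT32_MAX - 6u) / 2u) return NULL;   /* size overflow */
    uint32_t nbytes = nchars * 2u;
    uint8_t *raw = malloc(4u + nbytes + 2u);
    if (!raw) return NULL;
    memcpy(raw, &nbytes, 4);            /* length prefix, in bytes */
    memcpy(raw + 4, src, nbytes);       /* payload, may contain NULs */
    memset(raw + 4 + nbytes, 0, 2);     /* terminator for C-style readers */
    return (olechar_t *)(raw + 4);
}

void bstr_model_free(olechar_t *s) { if (s) free((uint8_t *)s - 4); }

/* Length as a BSTR consumer sees it: trust the 4 bytes before the pointer. */
uint32_t prefix_len(const olechar_t *s) {
    uint32_t nbytes;
    memcpy(&nbytes, (const uint8_t *)s - 4, 4);
    return nbytes / 2u;
}

/* Length as a C/C++ string consumer sees it: scan to the first NUL. */
uint32_t scan_len(const olechar_t *s) {
    uint32_t n = 0;
    while (s[n]) n++;
    return n;
}

/* Constructed sample: a BSTR-style value with an embedded NUL. */
int embedded_nul_demo(uint32_t *by_prefix, uint32_t *by_scan) {
    const olechar_t src[] = {'a', 'b', 0, 'c', 'd'};
    olechar_t *b = bstr_model_alloc(src, 5);
    if (!b) return -1;
    *by_prefix = prefix_len(b); *by_scan = scan_len(b);
    bstr_model_free(b);
    return 0;
}

/* Constructed sample: a plain terminated string; 0x4141 units model preceding memory. */
uint32_t confused_len(void) {
    static const olechar_t region[] = {0x4141, 0x4141, 'h', 'i', 0};
    return prefix_len(&region[2]);
}
```

On the same five-character buffer the two readers report different lengths, and the prefix reader handed the two-character plain string reports a length taken from unrelated bytes. A length from the wrong convention is what ends up as a copy or allocation size, so code at a COM boundary needs to know which of the two it was given.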

23 Sep 2003 (updated 23 Sep 2003 at 18:21 UTC) »

What you're talking about is called metadata, i.e., data that describes other data. Most databases do provide some level of this (checking on the system tables will give you column information like type, size, etc.). However, you run into another problem: you need to describe your metadata somehow. Meta-metadata? Meta-meta-metadata? At some point, it becomes self-defeating.

The Unix Way (to which I adhere) is to provide mechanism, but not to dictate policy. This extends to databases as well; I like databases like Berkeley DB that just give you key/value pairs and leave the rest up to me. I can then either use in-code structures (structs, classes, or tables) to give form to my data; or I can use a markup language like SGML or XML.

Self-discoverable data structures are very complicated both in concept and execution, and lead to the chicken-and-egg problem I noted earlier: you run into a "set of sets" infinite regress where there is no ultimate set to describe all other sets. It's better to just lay down the law (algorithmically speaking) and say, "This is how my data looks; conform or be damned!"
