- C# Compiler Open Sourced — bit by the bit, the ship of Microsoft turns.
- The Web’s Declarative Composable Future — this. For the first time since 1993, I feel like the web platform is taking a step towards being a real platform (vs simply bolting features on the side).
- Why the Government Should Provide Internet Access — video interview with Susan Crawford about why the Internet should be treated like a utility. She’s the only policy person I see talking sense. There’s a multilarity coming, when a critical mass of everyday objects are connected to each other via the Internet and offline devices become as useful as an ox-drawn cart on railway tracks. At that point it’s too late to argue you need affordable predator-proof Internet, because you’re already over the (sensing, e-ink covered, Arduino-powered) barrel. (via BoingBoing)
- Design Fiction: A Bibliography — Some resources about design fiction I’m use to share with students.
Improve your odds with the lingua franca of computing.
A boring old C-style language just like millions of developers learned before you, going back to the 1980s and earlier. It’s not flashy, it’s usually not cutting edge, but it is smart. Even if you don’t stick with it, or program in it on a daily basis, having a C-style language in your repertoire is a no-brainer if you want to be taken seriously as a developer.
WebAssembly – wasm – skips that final step, producing a binary format, technically a compressed AST encoding. Unless you’re going to be building compilers, you can compare wasm to a bytecode system. There is a text format for debugging, but the binary emphasis yields substantial extra speed as it skips parsing and minimizes decompression.
20 years of efficiently computing Bacon numbers
The Oracle at Delphi spoke just one language, a cryptic one that priests “compiled” into ancient Greek. The Oracle of Bacon—the website that plays the Six Degrees of Kevin Bacon game for you—has, in its 20-year existence, been written in six languages. Read on for the history and the reasons why.
The original version of the Oracle of Bacon, written by Brett Tjaden in 1995, was all C. The current version, my stewardship of it, and my revision control history only go back to 1999, so that’s where I’ll start. In 1999, I rewrote the Oracle… still entirely in C. Expensive shortest-path and spell-check algorithms? Definitely in C. String processing to build the database? Also C! Presentation layer to parse CGI parameters and generate HTML? C here, too!
Why C? The rationale for the algorithmic component was straightforward: the Oracle of Bacon ran on a slow, shared Unix machine that other people were using to get actual work done. Minimizing CPU and memory resource requirements was the polite thing to do. I needed a compiled language that let me optimize time and space extensively. The loops all counted down, not up, because comparing against zero was fractionally faster on SPARC. It had to be C.
But why were the offline string processing and the CGIs in C? Mostly, I think, to reuse code from the other parts of the code base and from previous projects I’d written when C was the only language I knew.
As the site added features, I got tired of writing code to generate HTML in C. I wrote new CGIs, then rewrote existing CGIs, in Perl. Simply put, writing the CGIs in an interpreted language made me more productive. I had hash tables and vectors built into the language and CGI support a simple “use” statement away. I didn’t have to compile on one server and then deploy to another—I could edit the CGIs right there on the web server. Good deployment practices it wasn’t, but it made me more productive as a programmer, and the performance of the CGIs didn’t matter all that much.
iOS Pentesting, Twitter's Infrastructure, JS Data Sync, and Chromium as C Runtime
- idb (Github) — a tool to simplify some common tasks for iOS pentesting and research: screenshots, logs, plists/databases/caches, app binary decryption/download, etc. (via ShmooCon)
- Twitter Infrastructure — an interview with Raffi Krikorian, VP of Platform Engineering. Details on SOA, deployment schedule, rollouts, and culture. (via Nelson Minar)
- Chromium is the New C Runtime — using Chrome’s open source core as the standard stack of networking, crash report, testing, logging, strings, encryption, concurrency, etc. libraries for C programming.
How dabbling in a new language now can lead to innovation later
Being a polyglot programmer has its benefits; most of us have read or heard about those benefits from various respectable sources. I’d like to highlight the importance of being a polyglot learner before being a polyglot programmer.
You heard me right—learn a new language, but don’t rush to use it in production. At least not right away. I have used this approach and have realized two major benefits:
- Enhanced design skills, and
- The ability to adapt quickly to an evolving mainstream language
Most programmers currently code in one of the mainstream languages like Java, C#, and C++. On a typical enterprise project, chances are we’re using one of these languages. It might seem like a tall order for most of us to be able to intermix other languages. However, it’s becoming more critical that we do. Let’s discuss why.
Handle sensitive data, free memory, and more
It may seem that when dynamic memory has been deallocated, we are done with it. We have avoided a memory leak and can confidently move on to other issues. In some cases this may be the case. However, we may need to be concerned with issues such as how we handle sensitive data and whether we need to even worry about freeing memory if the application is about to terminate. In this discussion we will examine these issues and others.
The Heap and System Memory
The heap typically uses operating system functions to manage its memory. The heap’s size may be fixed when the program is created, or it may be allowed to grow. However, the heap manager does not necessarily return memory to the operating system when the
free function is called. The deallocated memory is simply made available for subsequent use by the application. Thus, when a program allocates and then frees up memory, the deallocation of memory is not normally reflected in the application’s memory usage as seen from the operating system perspective.
Memory is typically deallocated using the free function. One concern deals with what happens when we try to free the same memory twice. Freeing a block of memory twice is referred to as double free. The following illustrates how this can be done:
char *name = (char*)malloc(...); ... free(name); // First free ... free(name); // Double free
More subtle occurrences of double free occur when pointers are aliased:
char *name = (char*)malloc(...); char *tmp = name; ... free(name); // First free ... free(tmp); // Double free
In an earlier version of the zlib compression library, it was possible for a double-free operation to result in a denial of service attack or possibly to insert code into the program. However, this is extremely unlikely and the vulnerability has been addressed in newer releases of the library. More information about this vulnerability can be found at cert.org.
A simple technique to avoid this type of vulnerability is to always assign NULL to a pointer after it has been freed. Subsequent attempts to free a null pointer will be ignored by most heap managers.
char *name = (char*)malloc(...); ... free(name); name = NULL;
Effectively control Windows from the console
Here’s a slick PowerShell 3.0 one-liner. If you want to pull down an RSS feed from a blog, displaying only the title and publication date try:
Invoke-RestMethod "http://www.dougfinke.com/blog/index.php/feed/" | Select title, pubdate
It’s that simple. No looping, no checking end of stream, no XSLT to handle transforming the XML from the RSS feed, but wait, there’s more. This array of objects is now connected to the entire PowerShell ecosystem. PowerShell is based on .NET so you can use ADO.NET to insert it into a database, use
Invoke-RestMethod again and post it to another REST endpoint or spin up Microsoft Excel and control it via its COM API. And that my friends, is the two foot dive into the PowerShell ocean.
PowerShell is Microsoft’s task automation framework, consisting of a command-line shell, an integrated scripting environment (ISE), a scripting language built on .NET Framework, an API allowing you to host PowerShell in your .NET applications, and it is a distributed automation platform. This means if you have PowerShell running on another box, you can remotely execute PowerShell there, if you have the credentials.
What you need to do is launch the PowerShell console. On my Windows 8 box I press the Windows button, type “
powers“, and hit enter.
Great! I’ve got a blank blue screen. Now what?
Why C is a more practical and enticing programming language than you might think.
Choosing a programming language for that project you’re working on is a fairly straightforward decision: it needs to be fast, easy to use, and it must come with enough bells and whistles to keep you from re-inventing the wheel every time you want to do something.
Looking at this criteria, aside from the fast bit, the C language may not be the first one that pops into your head. After sitting down with Ben Klemens, the author of 21st Century C, I am now looking at C as a more practical and enticing alternative than I would have thought possible.
21st Century C sets a precedent in presenting C as a language that is a lot easier to use, and has more library support than many people think. If you are not up to date on the latest that C has to offer you may not be aware of the simplicity and elegance of the language. These strengths are backed by the C99 and C11 standards, but mainly they are built up on the development of libraries and modern tools for building and multi-threading in C. Read more…
Rob Pike on how Go fits into today's computing environment
The Go programming language was created by Rob Pike, Ken Thompson, and Robert Griesemer. Pike (@rob_pike) recently told me that Go was born while they were waiting a long while for some code to compile — too long.
C++ and Java have long been the go-to languages for big server or system programs, but they were created almost 30 and 20 years ago, respectively. They don’t address very well the issues programmers see today like use of concurrency and incorporating big data and they’re not optimal for the current programming environment.
One main reason that Go will succeed is how it deals with concurrency. It outpaces Java and C++ as well as Python, Ruby, and all the other scripting languages. It simply provides a better model, with Java a close second, that is able to work within the computing environment into which it was born.