On a sunny day (Sun, 5 Oct 2008 14:02:23 +0200) it happened Frank Buss
<f...@frank-buss.de> wrote in <dmkn0pnxg3fr$.1...@40tude.net>:

>Jan Panteltje wrote:
>
>> Yes I am using bind, and the very latest too.
>
>I wouldn't trust a program with such a bad security history (
>http://www.isc.org/index.pl?/sw/bind/bind-security.php ). There are good
>nameservers, which are more secure. E.g. the author of djbdns gives $1000
>for the first person, who finds a security hole:
>
>http://cr.yp.to/djbdns/guarantee.html

Yes I know, and have, that program.
I find it a bit complicated and as long as bind works OK see no need to change.


>I didn't test it, because I used a simpler program last time I installed a
>nameserver (didn't remember the name), because I don't need all the
>complexity of BIND-like programs. But looks like djbdns is a good program.
>It is even not vulnerable to the DNS poisoning exploit:
>
>http://cr.yp.to/djbdns/blurb.html


I wrote a small name server myself, for the backup web server that runs from an SDcard
in a Linksys wireless access point:
 http://panteltje.com/panteltje/wap54g/index.html#wapserver
As that name server is not finished (and perhaps never will) I am not releasing it and its source,
also to protect myself against evil forces wanting to see where all the weak spots are.
Now that runs the simplest web server you can imagine.
Asking for a login keeps most of the bots out.

 

>> I A AM SO GLAD I DO NOT HAVE AN ISP, THEY ALL SUCKED.
>
>I'm glad that I don't have to maintain the infrastructure and constantly
>monitoring security issues, appplying patches etc. Nameserver and eMail
>just works. It is not the cheapest, but my ISP has more than 2 million
>paying customers, so there is a good chance that problems are fixed fast.

Well, some have 1 euro / minute help desks, and then once you get a line have to explain to THEM what
they need to fix....
I tried more then 7 ISPs, now I have 'direct-adsl', faster, cheaper, better.


>> In the end maybe 'which language' is not that important, I mean
>> *if* you can formulate the problem correctly, then you can write the program,
>> you have in fact the solution.
>
>This depends on where you use the language. I don't write bug-free
>programs, so I would feel uncomfortable to write a web application in C,
>because it could have buffer overflows or crash the whole web server
>program. If I write it in Java, I just get a nice exception trace in a log
>file, but the rest of the server program continues to work and low-level
>bugs like buffer overflows are impossible in Java (as long as you don't use
>native parts of the system, like JPEG decoding).

I have a bit different philosophy about all this.

These days it seems like the following tactics are used:
 A lock on every door in the house with 2 keys to open it, and an open front door.

I do prefer a good fence with a good lock, and doors and windows in the house that
you just can open without locks.

No, I do not always check for buffer overflow [exploits], for example this news reader
will likely crash if some overflow is deliberately created.
So what.
I do not know a lot about Java, in fact all I know is that it is slow, does not have pointers,
that makes it not interesting for me.
Now Java-people claim it is not slow, but some also claim the world is flat.

My view is that people who attack the internet, and its applications, an internet that
is used by much of humanity, and many things that are becoming more and more essential
to us are based on it, should get the death penalty.

Now that will help.
And that also goes for those self serving people who publish new attacks every so often,
like Kaspersky & friends, lock am up and execute them.
It is just their ego and business, the virus writers are THEY, and lots of little script kiddies
use their ideas and tools to create havoc.

Bit extreme POV I have, but alas, it is that way.
 

On 2008-10-05, Jan Panteltje <p...@yahoo.com> wrote:

>>Nowadays my hoster provides these services
>
> I A AM SO GLAD I DO NOT HAVE AN ISP, THEY ALL SUCKED.

If you don't have an ISP, how to get packets to/from the
Internet?

-- 
Grant

CBFalconer <c...@yahoo.com> wrote:

>Nico Coesel wrote:
>> CBFalconer <c...@yahoo.com> wrote:
>> 
>... snip ...
>>>
>>> I am amazed at the things programmers carp at and distinguish. 
>>> The C language is generally admired, yet it is one of the
>>> weirdest languages in existance.  PIC assembly language is also
>>> weird (but works), and is generally poked fun at.  Pascal (real,
>>> not Turbo) is almost the soundest language available to all,
>>> yet it is studiously ignored.
>> 
>> There is a simple reason for that. C has been designed to be a
>> usefull programming language, Pascal has been designed to be a
>> useless as possible programming language. I've been using Pascal
>> for years but I still don't regret trading it in for C / C++.
>
>I'll wager you used something like Turbo, which does not meet the
>language specifications.  I used it for nearly 15 years in embedded
>work, with very wide applications, and minimum problems.

Turbo -several versions- and Delphi -several versions. Programming
Pascal seems like walking in mud. Too many constraints. Can't do this,
can't do that.

-- 
Programmeren in Almere?
E-mail naar nico@nctdevpuntnl (punt=.)

On a sunny day (Sun, 05 Oct 2008 09:01:39 -0500) it happened Grant Edwards
<g...@visi.com> wrote in
<c...@posted.usinternet>:

>On 2008-10-05, Jan Panteltje <p...@yahoo.com> wrote:
>
>>>Nowadays my hoster provides these services
>>
>> I A AM SO GLAD I DO NOT HAVE AN ISP, THEY ALL SUCKED.
>
>If you don't have an ISP, how to get packets to/from the
>Internet?

We have a special thing here, it is called 'direct-adsl',
basically the telco gives you a direct line.
It is cheaper then via ISP too.
But no servers, no email server, no web server, no whatever else
ISPs do..., no news server, but a fixed IP address.
So I bought a domain, installed smtp, named, apache, proftpd, lots
of other cool stuff, and pointed the domain to my IP address.
And since then I have been online with this since 2004 without a problem.
 
I can, from the notebook, ssh to my system from anywhere in the world,
control the heating, house electronics, even grab satellite TV if
the connection is fast enough (it can be compressed).

Also use the notebook as portable TV around the house via WiFi..
PC as media centre worldwide, MS is still dreaming about it...
All runs Linux here of course.

Uniden wrote:
> In article <0b4a9ce0-c18f-44ab-b418-3c9f169519c1
> @m45g2000hsb.googlegroups.com>, z...@gmail.com says...
>>  A rabid
>> wombat in a bell jar full of crack smoke could not have designed a
>> less-pleasant ISA than PIC.
>
> Funniest thing I've read in a long time. And laser accurate. :-P

I really don't get all the PIC hatred.  I've played around with quite a few 
different micros starting with the 1802.  Every micro that I've used has its 
own set of crappy handicaps; PICs by no means have the market cornered on 
this.  By far the best design I've ever worked with is the ARM. 

"MooseFET" <k...@rahul.net> wrote in message 
news:7...@25g2000prz.googlegroups.com...
On Oct 3, 6:20 am, CBFalconer <cbfalco...@yahoo.com> wrote:
> larwe wrote:
> > Jim Granville <no.s...@designtools.maps.co.nz> wrote:
>
> >>> that uChip would phase out (read: burn at the stake) all parts
> >>> based on its frankly fucked-up legacy 8-ish-bit architectures.
>
> >> Why ? They ship in large volumes, and obviously do the task
> >> adequately. Elegence usually comes at a cost :)
>
> > Ten million flies can't be wrong, eh?
>
> I am amazed at the things programmers carp at and distinguish. The
> C language is generally admired, yet it is one of the weirdest
> languages in existance. PIC assembly language is also weird (but
> works), and is generally poked fun at. Pascal (real, not Turbo) is
> almost the soundest language available to all, yet it is studiously
> ignored.

> Pascal's strict type enforcement means that most bugs are caught
> before the program is even compiled.

That's a myth. Pascal's type checking is not stronger than C as long
as you don't use explicit type casts. Pascal is more restrictive so it's
harder for a novice to create a program that compiles.

> The run time type checking prevents big trouble on the few that may
> slip by.

Again a myth. Automatic runtime checks don't significantly improve software
reliability. Most bugs are due to incorrect specification or implementation,
not due to accessing null pointers etc.

> This leads to its
> downfall.  If you think of programming as being like mountain
> climbing, you will understand why.  The guy who crawls up the side of
> a mountain gets a lot more respect than some who takes a safe and
> comfortable helicopter ride there.

A better comparison would be between a novice climber using safety ropes
and an experienced climber without. The safety equiment doesn't stop the
inexperienced climber from falling all the time or getting lost. The experienced
climber knows to choose a safe route without risking a fall and so doesn't need
the ropes that slow him down.

Experienced programmers don't need to be restricted by a language in order
to write safe and reliable software.

Wilco 

Wilco Dijkstra wrote:

> Experienced programmers don't need to be restricted by a language in order
> to write safe and reliable software.

Yes, of course. But the real problem is where to get many experienced 
programmers for cheap.


Vladimir Vassilevsky
DSP and Mixed Signal Design Consultant
http://www.abvolt.com

On Sun, 05 Oct 2008 10:40:45 -0500, Vladimir Vassilevsky
<a...@hotmail.com> wrote:

>
>
>Wilco Dijkstra wrote:
>
>> Experienced programmers don't need to be restricted by a language in order
>> to write safe and reliable software.
>
>Yes, of course. But the real problem is where to get many experienced 
>programmers for cheap.
>
>
>Vladimir Vassilevsky
>DSP and Mixed Signal Design Consultant
>http://www.abvolt.com

India ?:-)

                                        ...Jim Thompson
-- 
| James E.Thompson, P.E.                           |    mens     |
| Analog Innovations, Inc.                         |     et      |
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    |
| Phoenix, Arizona  85048    Skype: Contacts Only  |             |
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  |
| E-mail Icon at http://www.analog-innovations.com |    1962     |

         Vote Barack... Help Make America an Obama-nation

Jim Thompson wrote:
> On Sun, 05 Oct 2008 10:40:45 -0500, Vladimir Vassilevsky
> <a...@hotmail.com> wrote:
>
>>
>>
>> Wilco Dijkstra wrote:
>>
>>> Experienced programmers don't need to be restricted by a language
>>> in order to write safe and reliable software.
>>
>> Yes, of course. But the real problem is where to get many experienced
>> programmers for cheap.
>>
>>
>> Vladimir Vassilevsky
>> DSP and Mixed Signal Design Consultant
>> http://www.abvolt.com
>
> India ?:-)

It's the classic "you can have two out of any three".  With India you can 
have many and cheap, not experienced.  If you want experienced (using this 
word as a substitute for capable) and many, look towards the many that were 
left unemployed by outsourcing in the US, but they won't be cheap.  Cheap 
and experienced are mutually exclusive as you can clearly see.  ;-) 

"Jim Thompson" <T...@My-Web-Site.com> wrote in message 
news:p...@4ax.com...
>
> On Sun, 05 Oct 2008 10:40:45 -0500, Vladimir Vassilevsky
> <a...@hotmail.com> wrote:
>
>>
>>
>>Wilco Dijkstra wrote:
>>
>>> Experienced programmers don't need to be restricted by a language in order
>>> to write safe and reliable software.
>>
>>Yes, of course. But the real problem is where to get many experienced
>>programmers for cheap.

Indeed. But would you rather use several inexperienced programmers rather than
a few more experienced ones? In the long term the experienced ones are likely less
expensive.

> India ?:-)

Probably not for long, as salaries have increased. Companies are already starting to
look elsewhere.

Wilco