Re: How security holes happen
On Thursday, March 6, 2014 6:28:58 PM UTC-6, Dennis Lee Bieber wrote: The 6502 was NOT a Motorola chip (they had the 6800). The 6502 was MOS That's funny... did you not see what I wrote back to MRAB? Here: The MOS 6502 is to the Motorola 6800 what the Zilog Z80 was to the Intel 8080. The same engineers who designed the 6800 moved out and then designed the 6502; actually ended up in a law suit of sorts--- but I don't remember the details. Anyway, the 6502 was bought outright by Commodore, and the rest is history with the VIC20. -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On 2014-03-07 01:53, Mark H. Harris wrote: On Thursday, March 6, 2014 6:28:58 PM UTC-6, Dennis Lee Bieber wrote: The 6502 was NOT a Motorola chip (they had the 6800). The 6502 was MOS That's funny... did you not see what I wrote back to MRAB? Here: The MOS 6502 is to the Motorola 6800 what the Zilog Z80 was to the Intel 8080. Not quite. The Z80's architecture and instruction set is a superset of that of the 8080; the 6502's architecture and instruction set isn't a superset of, or even compatible with, that of the 6800 (although it can use the same I/O, etc, chips). The same engineers who designed the 6800 moved out and then designed the 6502; actually ended up in a law suit of sorts--- but I don't remember the details. Anyway, the 6502 was bought outright by Commodore, and the rest is history with the VIC20. -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Thursday, March 6, 2014 8:13:02 PM UTC-6, MRAB wrote: The Z80's architecture and instruction set is a superset of that of the 8080; the 6502's architecture and instruction set isn't a superset of, or even compatible with, that of the 6800 (although it can use the same I/O, etc, chips). My point is not what, but who. Motorola engineers designed the 6502. A rose is a rose by any other name. It's the people who count... if Motorola had listened to those guys, who knows ... ? neither here nor there now, of course.
Re: How security holes happen
On Wed, 05 Mar 2014 08:37:42 +0200, Marko Rauhamaa wrote: MRAB pyt...@mrabarnett.plus.com: Into how many versions did Lisp split in its first 23 years? :-) I'm partial to Scheme, but I'll take any version. If you had tried Python 30 years ago, you'd give it up for any serious work because it would be so slow and consume so much memory. /facepalm Python is only 23 years old, so it would have been a good trick to have tried it 30 years ago. While it was slow back then, it used LESS memory, not more. (Trading off more memory for speed is one of the ways that Python has gotten faster.) Nevertheless, people did use it for serious work, at least by the time it got to version 1.4 and quite likely much earlier. -- Steven -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
Steven D'Aprano st...@pearwood.info writes: On Wed, 05 Mar 2014 08:37:42 +0200, Marko Rauhamaa wrote: If you had tried Python 30 years ago, you'd give it up for any serious work because it would be so slow and consume so much memory. /facepalm Python is only 23 years old, so it would have been a good trick to have tried it 30 years ago. While it was slow back then, it used LESS memory, not more. Moreover, this is not an issue of Python the language as much as *implementations* (the CPython implementation has improved markedly in the intervening decades), and of *resources* very different then and now. The available CPU and memory resources for a language implementation are vastly greater today than 30 years ago. You could re-implement exactly the same compiler today as was run 30 years ago, and have its speed and memory performance remarkably better without any change in the language. If you'd run an implementation of *any* language of the time 30 years ago, it would have been far slower than implementations on today's hardware, and doubtless improvements in the implementation (if the community was motivated to improve it for that long) would account for even greater speed differences. None of this is argument in favour of the changing applicability of the *language*, which is what Marko apparently wants to imply. -- “I got an answering machine for my phone. Now when someone calls me up and I'm not home, they get a recording of a busy signal.” —Steven Wright | Ben Finney
Re: How security holes happen
Steven D'Aprano st...@pearwood.info: On Wed, 05 Mar 2014 08:37:42 +0200, Marko Rauhamaa wrote: If you had tried Python 30 years ago, you'd give it up for any serious work because it would be so slow and consume so much memory. /facepalm Python is only 23 years old, Some explorers roamed in Siberia around 1900 and encountered small nations with undocumented languages. They stayed with the people for some time and tried to record the basic vocabulary and grammar. The dialog sometimes went like this: - In your language, is it correct to say, I went fishing yesterday. - No. - What's wrong with it? - I didn't go fishing yesterday. Marko -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Wednesday, March 5, 2014 2:26:12 AM UTC-6, Steven D'Aprano wrote: On Wed, 05 Mar 2014 08:37:42 +0200, Marko Rauhamaa wrote: If you had tried Python 30 years ago, you'd give it up for any serious work because it would be so slow and consume so much memory. /facepalm Python is only 23 years old, so it would have been a good trick to have tried it 30 years ago. hi Steven, QOTD, I go back to the day of the MITS Altair 8800. My high school had one. I was writing machine code for the Wang 700 series programmable desk calculator, and punching in code on the Altair 8800, with toggle switches. I'm one of the guys Bill Gates wrote his famous open letter to in 1976. I was there. In 1984 the only language being used to write *anything* in the general sphere of personal computing was either MS DEBUG.COM (one of my favorites) or BASIC---which was ubiquitous, where like almost *every* computer booted directly into a BASIC interpreter, the noted exception being the first IBM PC. The pre-cursor to python was ABC created at CWI in about 1991. One of its purposes (according to Guido) was to, and I quote, Stamp out BASIC. My first IBM machine was the famous PCjr... booted directly into cartridge BASIC, or would optionally boot DOS 2.1 from 5 floppy, where I could run, you guessed it BASICA, using the cartridge rom, or I could optionally run DEBUG.COM and code up 8086 machine code (not assembler, mind you). Well, I used my PCjr until 1992 (python was one year old, and ABC would not run on a PC); when I purchased my 486 SX. Guess what? ---still coding BASIC, DEBUG.COM... and whoohoo, Turbo Pascal At IBM we were coding Rexx on the VM370 systems, and then Rexx on the OS/2 systems; no python, and nothing much else either , oh yes, Turbo BASIC, Visual BASIC, and of course BASICA although you could then get it as GWBASIC, ... still no python. Did anyone mention that PCs back in that day were toys. And I do mean toys. 
They were slow, they crashed, their graphics sucked, and your storage medium was a floppy disk. Linus was working in Finland on basic... Richard Stallman was working on GNU, Guido was working at CWI on python. The PC really didn't come into its own (and they were still slow) until the Pentium4. Personal computers really did not begin to really shine until about 1998 (a mere 16 years ago) when IBM and others began to take a serious look into gnu/linux research. PCs were fast enough, had enough memory, and even had python. Of course most of us were not using it... mostly C of various brands (notably MIX) and Visual BASIC. Quick BASIC was ubiquitous by that time, and MASM had taken over for DEBUG.com. Those were the days. There has been a resurgence of interest in BASIC today; notably Mintoris, and Chipmunk. But now everyone usually has some flavor of python installed on their computer (and most don't know it) because python is being used under the covers as a scripting language of choice. Wide adoption is still coming, in the future, but the future looks good for python; competing of course with (notably) Java or Dalvik (Android Java). In my day computers were slide-rules. Businesses were still using Comptometers (still being taught at my high school) and the modern age of computing would not occur for forty years. Trust me, thirty years ago was like the dark ages of personal computing and python wasn't even a gleam in her daddy's eye. In fact, now that I think of it, Monty Python and the Holy Grail came out in 1975, one year before the MITS Altair 8800 Bill Gates open letter, and one year after I graduated from high school. {world according to me} marcus
Re: How security holes happen
On 2014-03-05, Dennis Lee Bieber wlfr...@ix.netcom.com wrote: On Wed, 05 Mar 2014 00:48:40 +0200, Marko Rauhamaa ma...@pacujo.net declaimed the following: Ethan Furman et...@stoneleaf.us: Okay, that looks totally cool. Maybe I'll finally get a handle on LISP! :) Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. It's already had 54 years to become a major language... Instead it has schismed into Common Lisp and Scheme (and a few other dialects) Granted, my experience was toying with /cassette-based/ SuperSoft LISP on a TRS-80 Model III Personally, I think it hasn't taken off because special forms are harder to remember than syntax. And there are, like, *way* more than mammals needs. And then the coolest feature of the language, macros, is designed to let you, gulp, add more. Well, that or lisp's designers severely underestimated how much we like to use our programming languages as non-RPN calculators. -- Neil Cerutti -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
Neil Cerutti ne...@norwich.edu: Personally, I think it hasn't taken off because special forms are harder to remember than syntax. And there are, like, *way* more than mammals needs. It hasn't taken off yet, but even mammals can evolve. Well, that or lisp's designers severely underestimated how much we like to use our programming languages as non-RPN calculators. I don't think Lisp was really originally designed. It just came out and, surprisingly, ran. As for the anti-RPN notation, yes, it can be hard to get used to. Then again, Python notation requires an initiation as well. For example:

    invoc = "{}({})".format(fname, ', '.join(repr(x) for _, x in named_args))

Marko
Re: How security holes happen
On Thu, Mar 6, 2014 at 1:11 AM, Mark H. Harris harrismh...@gmail.com wrote: My first IBM machine was the famous PCjr... booted directly into cartridge BASIC, or would optionally boot DOS 2.1 from 5 floppy, where I could run, you guessed it BASICA, using the cartridge rom, or I could optionally run DEBUG.COM and code up 8086 machine code (not assembler, mind you). My first IBM machine (first I used - the first computer I actually personally *owned* wasn't till this century) was an Epson XT-compatible. We had GW-BASIC and Q-BASIC, and a much superior form of DEBUG.EXE that came with, get this, an inbuilt mini-assembler! Yes, I could do this:

    -a
    :0100 mov ah,09
    :0102 mov dx,0109
    :0105 int 21
    :0107 int 20
    :0109 db "Hello, world!",0D,0A,24

And it'd produce the appropriate bytes. From memory, that would be B4 09 BA 09 01 CD 21 CD 20, followed by the text string. I actually used that to write seriously-useful programs, like one that helped us keep track of which treasures we'd picked up in Colossal Caves. (For some definition of seriously-useful, anyway.) At IBM we were coding Rexx on the VM370 systems, and then Rexx on the OS/2 systems; no python, and nothing much else either , oh yes, Turbo BASIC, Visual BASIC, and of course BASICA although you could then get it as GWBASIC, ... still no python. I wasn't working at IBM itself, but when Dad switched to OS/2 for our home business, we switched too. That would have been about 1992; we used OS/2 2.1 briefly, but got properly into things with Warp 3 (Connect, and I can never remember whether it was red-box or blue-box - we had the one that came with a Windows license for Win-OS/2). Ooh, we had the most amazing fun with that... we set up, to quote my older brother, our very own personal World Wide Web! (Not very accurate, but that was the big buzz-word at the time, and hey, we did have a LAN.) 
And over the ensuing years, we got to know which network cards were the most reliable - mainly the Realtek ones, we had some RTL8029 cards that went into so many different computers - and if anything went wrong with drivers or anything, I'd pop the case and stick in one of my stand-bys. Either that, or we'd go search for the drivers on Hobbes, and either download 'em onto a floppy disk or LinkWiz them across - because one of the very first things we'd put onto any computer was the comms software that uses a special serial-port or parallel-port cable to transfer files. Immensely useful, until generic network drivers got better :) Did anyone mention that PCs back in that day were toys. And I do mean toys. They were slow, they crashed, their graphics sucked... Oh no! No no no! Graphics didn't suck for everyone. Maybe they did for you, you with the horrible CGA card plugged into your TV. Maybe they did for the people who used the default IBM Monochrome card that didn't do graphics at all. But no, my dad was forward-looking. He got the best. He got a Hercules Graphics Card, capable of driving the same screens the IBM Mono would, but giving us the tremendous capability of 720x348 monochrome graphics! It was awesome! Plus, for text colors we had black, white, bold black, and bold white, and - get this - underlined! Nobody else got that. Yes, those were the days. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On 2014-03-04, Marko Rauhamaa ma...@pacujo.net wrote: Ethan Furman et...@stoneleaf.us: Okay, that looks totally cool. Maybe I'll finally get a handle on LISP! :) Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. Seriously? LISP had a _30_year_head_start_ yet Python is far ahead and pulling away... -- Grant Edwards, grant.b.edwards at gmail.com. Yow! I'm continually AMAZED at th'breathtaking effects of WIND EROSION!!
Re: How security holes happen
On Wed, 05 Mar 2014 00:48:40 +0200, Marko Rauhamaa wrote: Ethan Furman et...@stoneleaf.us: Okay, that looks totally cool. Maybe I'll finally get a handle on LISP! :) Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. That day was 25 years ago. According to the long-term TIOBE index, 25 years ago Lisp was the second most popular programming language in the world, behind only C. http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html I don't think Lisp has gotten easier, or the average programmer smarter, since then. The average programmer has difficulty with while loops, do you really think that someday they'll grok lambda calculus? *wink* Seriously, Lisp is not only one of the oldest high-level languages around, being almost as old as Fortran and Cobol, but it was one of the biggest languages of the 1970s and even into the 80s. Companies spent millions developing, and using, Lisp compilers. There were even Lisp machines, actual hardware machines not virtual, where the CPU could execute Lisp instructions directly in hardware. It did not last. It's not that the computer industry hasn't discovered Lisp, it is that they discovered it, gave it a solid workout for 20 years, and then said Nope, this isn't for us. -- Steven D'Aprano http://import-that.dreamwidth.org/ -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Wednesday, March 5, 2014 9:47:40 AM UTC-6, Steven D'Aprano wrote: Seriously, Lisp is not only one of the oldest high-level languages around, being almost as old as Fortran and Cobol, but it was one of the biggest languages of the 1970s and even into the 80s. Lisp was specified by John McCarthy (of Berkeley, CA) in 1958. It is the second oldest computer language behind Fortran, by one year. There is a resurgence of interest in Lisp today (yes, not so much for common lisp) in the Scheme arena. The irony for AI today is that we are finally at the point where the technology can finally do what Alonzo Church and Alan Turing dreamed about. John McCarthy was *way* ahead of his time too. We are at the point where we are wondering again if computer science technology in software engineering will ever generate a thinking entity---self aware, creative, and of course able to generate on its own, Cogito ergo sum. Lisp/Scheme is awesome. But, if I want to have my little 'ol puter do some real work, up comes IDLE and out comes a script in a couple of hours that's awesome! I still play around with gnu emacs and lisp. It's fun, educational, and truly enriching beyond words. Check out the site, Lambda the Ultimate sometime: http://lambda-the-ultimate.org/ marcus
Re: How security holes happen
On Wed, 05 Mar 2014 16:54:59 +0200, Marko Rauhamaa wrote: I don't think Lisp was really originally designed. The history of Lisp is described here in detail: http://www-formal.stanford.edu/jmc/history/lisp/lisp.html Like all complex systems, it did not appear fully-formed in a flash of inspiration. It was both designed and evolved through experimentation. That process of *trying things* and keeping those that work is usually called design. -- Steven D'Aprano http://import-that.dreamwidth.org/ -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Thu, Mar 6, 2014 at 5:42 AM, Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote: On Wed, 05 Mar 2014 16:54:59 +0200, Marko Rauhamaa wrote: I don't think Lisp was really originally designed. The history of Lisp is described here in detail: http://www-formal.stanford.edu/jmc/history/lisp/lisp.html Like all complex systems, it did not appear fully-formed in a flash of inspiration. It was both designed and evolved through experimentation. That process of *trying things* and keeping those that work is usually called design. There's a difference between iterative design of that nature and initial design. An initial clean design is a good basis for further iterative design; a messy initial design means backward compatibility shackles you. Originally designed is different from constantly worked on. But Lisp has enough variants that the backward compat issue isn't as major. There's no specific need for Scheme to maintain every mistake of Common Lisp, or Clojure to support everything that elisp does. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Wednesday, March 5, 2014 6:24:52 PM UTC-6, Dennis Lee Bieber wrote: I must have had a deprived life... The only debug on a home system I ever used was the one in LS-DOS. And even then, it was only because an OS update disk arrived with a bad sector and could not be copied. Not many people realized what they had in front of them. The only reason you might is if you 'grew up' on a system that required machine coding; like the Wang 700 series, or the MITS Altair 8800, or the VIC 20 with VicMon. I grew up with all three. So, before I ever learned a line of BASIC I was coding machine language (not assembler) on the three platforms above... the Wang used integrated circuits, but had no processor chip; the MITS used the very first 8080 chip from Intel, and the VIC 20 used the 6502 from Motorola. My first personal computer (I did not own it, it was temporarily loaned to me) was the VIC 20. It only had 5k of memory, so anyone who did any real programming on it purchased the VicMon cartridge which was a 'machine language monitor'. It was DEBUG.COM for the VIC 20. When I got the first copy of DOS on floppy and saw DEBUG.COM I knew instantly what it was... a machine language monitor system for reading and writing machine code (8086 / 8088) in memory, or to disk sectors, or to disk as a file-name. It wasn't just a debugger---hardly! It was (and still is, yes, I still use it) a simple clean full-blown machine language monitor capable today just as then, to build sophisticated applications with 1's and 0's. It was also my cup of tea, as it were. The folks who used the MITS Altair 8800 hated punching code in by hand; gets old fast. But not for me. I loved it, because I was as interested in the 8080 processor as I was in writing programs for it; it was great fun experimenting with memory and the processor. marcus
Re: How security holes happen
On 2014-03-06 01:24, Mark H. Harris wrote: On Wednesday, March 5, 2014 6:24:52 PM UTC-6, Dennis Lee Bieber wrote: I must have had a deprived life... The only debug on a home system I ever used was the one in LS-DOS. And even then, it was only because an OS update disk arrived with a bad sector and could not be copied. Not many people realized what they had in front of them. The only reason you might is if you 'grew up' on a system that required machine coding; like the Wang 700 series, or the MITS Altair 8800, or the VIC 20 with VicMon. I grew up with all three. So, before I ever learned a line of BASIC I was coding machine language (not assembler) on the three platforms above... the wang used integrated circuits, but had to processor chip; the MITS used the very first 8080 chip from Intel, and the VIC 20 used the 6502 from Motorola. The 6502 came from MOS Technology. Motorola made the 6800. My first personal computer (I did not own it, it was temporarily loaned to me) was the VIC 20. It only had 5k of memory, so anyone who did any real programming on it purchased the VicMon cartridge which was a 'machine language monitor'. It was DEBUG.COM for the VIC 20. 5K? Luxury! I started with the Science of Cambridge Mk14. Including the RAM on the I/O chip, it had 640 bytes. When I got the first copy of DOS on floppy and saw DEBUG.COM I knew instantly what it was... a machine language monitor system for reading and writing machine code (8086 / 8088) in memory, or to disk sectors, or to disk as a file-name. It wasn't just a debugger---hardly! It was (and still is, yes, I still use it) a simple clean full-blown machine language monitor capable today just as then, to build sophisticated applications with 1's and 0's/ It was also my cup of tea, as it were. The folks who used the MITS Altair 8800 hated punching code in by hand; gets old fast. But not for me. 
I loved it, because I was as interested in the 8080 processor as I was in writing programs for it; it was great fun experimenting with memory and the processor. -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Wednesday, March 5, 2014 7:40:05 PM UTC-6, MRAB wrote: The 6502 came from MOS Technology. Motorola made the 6800. Well, not exactly. The MOS 6502 is to the Motorola 6800 what the Zilog Z80 was to the Intel 8080. The same engineers who designed the 6800 moved out and then designed the 6502; actually ended up in a law suit of sorts--- but I don't remember the details. Anyway, the 6502 was bought outright by Commodore, and the rest is history with the VIC20. The engineers at Intel did the same thing... moved out and started Zilog (which still exists today) and began their work on the Z80. By the by, the Z80 is still embedded in many applications today. Although, it's not on a 40 pin dip any longer; it's a small square about the size of a postage stamp. That is what powers the TI 84+ and the TI 83+ graphing programmable calculators. I do some machine coding on the TI 84+ because it can be done on-the-device! The 68000 is the Motorola chip that powers the TI89 graphing programmable calculator ( my favorite ). It's not so easy to program it with machine code, because the kernel binaries are not well documented (TI hides them) and the user community hasn't probed it enough to know how it really works. 5K? Luxury! I started with the Science of Cambridge Mk14. Including the RAM on the I/O chip, it had 640 bytes. Oh, I know. I thought 5k was a tremendous amount of memory at the time, but we soon built and expanded for the slot, added 16k of memory (hand wire-wrapped thank you) and then plugged the VicMon (actually HES MON) into that. Do you remember the IAS (Maniac) at the Institute for Advanced Study (Johnny von Neumann's baby) ? It only had 5k of memory too! They had to use punched cards or punched tape for intermediate results when they were doing their runs calculating the wave function for the hydrogen bomb. At the time, Johnny said, there will never be a need for more than five machines like this in the whole world! marcus
Re: How security holes happen
On Wednesday, March 5, 2014 8:52:31 AM UTC+8, Andrew Cooper wrote: On 03/03/2014 22:19, Cameron Simpson wrote: On 03Mar2014 09:17, Neal Becker ndbeck...@gmail.com wrote: Charles R Harris charlesr.har...@gmail.com Wrote in message: Imo the lesson here is never write in low level c. Use modern languages with well designed exception handling. What, and rely on someone else's low level C? Why is C the lowest denominator? Even with correctly written C and assembly, how can you be sure that your processor is executing the SYSRET instruction safely? (CVE-2012-0217 for anyone interested) ~Andrew It is not difficult to write C with mixed assembly codes for different CPUs.

    #ifdef ASM
    /* asm follows */
    #ifdef CPUTYPES
    /* insert CPU ASMS for different CPUs carefully here */
    #endif /* CPUTYPES */
    #endif /* ASM */
Re: How security holes happen
On Monday, 3 March 2014 22:55:32 UTC, Chris Kaynor wrote: You can go much simpler than that. Merely port Python to LISP, then write a LISP interpreter in Python. Done. http://blog.pault.ag/post/46982895940/heres-my-talk-from-pycon-2013-i-tried-to-queue -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Wed, Mar 5, 2014 at 3:41 AM, sffjun...@gmail.com wrote: On Monday, 3 March 2014 22:55:32 UTC, Chris Kaynor wrote: You can go much simpler than that. Merely port Python to LISP, then write a LISP interpreter in Python. Done. http://blog.pault.ag/post/46982895940/heres-my-talk-from-pycon-2013-i-tried-to-queue I don't have time to watch an hour-long video... what'd he do, exactly that? ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Tue, Mar 4, 2014 at 11:07 AM, Chris Angelico ros...@gmail.com wrote: I don't have time to watch an hour-long video... what'd he do, exactly that? If you fast forward to 16:14, his talk is about five minutes long. He wrote a Lisp compiler whose backend is Python. Skip -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On 3/4/14 12:16 PM, Skip Montanaro wrote: On Tue, Mar 4, 2014 at 11:07 AM, Chris Angelico ros...@gmail.com wrote: I don't have time to watch an hour-long video... what'd he do, exactly that? If you fast forward to 16:14, his talk is about five minutes long. He wrote a Lisp compiler whose backend is Python. Skip It's Hy: http://hylang.org -- Ned Batchelder, http://nedbatchelder.com -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On 03/04/2014 12:47 PM, Ned Batchelder wrote: On 3/4/14 12:16 PM, Skip Montanaro wrote: On Tue, Mar 4, 2014 at 11:07 AM, Chris Angelico ros...@gmail.com wrote: I don't have time to watch an hour-long video... what'd he do, exactly that? If you fast forward to 16:14, his talk is about five minutes long. He wrote a Lisp compiler whose backend is Python. Skip It's Hy: http://hylang.org Okay, that looks totally cool. Maybe I'll finally get a handle on LISP! :) -- ~Ethan~ -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
Ethan Furman et...@stoneleaf.us: Okay, that looks totally cool. Maybe I'll finally get a handle on LISP! :) Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. Once you have Lisp down pat, you'll be able to appreciate URL: http://en.wikipedia.org/wiki/Combinatory_logic. The final Nirvana is reached with URL: http://semarch.linguistics.fas.nyu.edu/barker/Iota/. Marko -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Wed, Mar 5, 2014 at 9:48 AM, Marko Rauhamaa ma...@pacujo.net wrote: Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. The final Nirvana is reached with... No no no. The final Nirvana is achieved when you no longer write text at all, but simply edit an empty file. When you are done, the file is still empty, and you have truly reached nirvana. Either that, or you code in http://en.wikipedia.org/wiki/Whitespace_(programming_language) ... ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
In article mailman.7763.1393973842.18130.python-l...@python.org, Chris Angelico ros...@gmail.com wrote: On Wed, Mar 5, 2014 at 9:48 AM, Marko Rauhamaa ma...@pacujo.net wrote: Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. The final Nirvana is reached with... No no no. The final Nirvana is achieved when you no longer write text at all, but simply edit an empty file. When you are done, the file is still empty, and you have truly reached nirvana. Either that, or you code in http://en.wikipedia.org/wiki/Whitespace_(programming_language) ... ChrisA Man, imagine what you could do with a Unicode version of Whitespace? -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On 04/03/2014 22:59, Roy Smith wrote: In article mailman.7763.1393973842.18130.python-l...@python.org, Chris Angelico ros...@gmail.com wrote: On Wed, Mar 5, 2014 at 9:48 AM, Marko Rauhamaa ma...@pacujo.net wrote: Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. The final Nirvana is reached with... No no no. The final Nirvana is achieved when you no longer write text at all, but simply edit an empty file. When you are done, the file is still empty, and you have truly reached nirvana. Either that, or you code in http://en.wikipedia.org/wiki/Whitespace_(programming_language) ... ChrisA Man, imagine what you could do with a Unicode version of Whitespace? Yes, but how do we persuade the Python core devs to give us a decent implementation? Let's face it, according to our resident unicode expert, they can't get anything right about unicode. -- My fellow Pythonistas, ask not what our language can do for you, ask what you can do for our language. Mark Lawrence
Re: How security holes happen
On Wed, Mar 5, 2014 at 10:16 AM, Mark Lawrence breamore...@yahoo.co.uk wrote: Man, imagine what you could do with a Unicode version of Whitespace? Yes, but how do we persuade the Python core devs to give us a decent implementation? Let's face it, according to our resident unicode expert, they can't get anything right about unicode. Easy. We get him to implement it. ChrisA
Re: How security holes happen
On 04/03/2014 23:22, Chris Angelico wrote: On Wed, Mar 5, 2014 at 10:16 AM, Mark Lawrence breamore...@yahoo.co.uk wrote: Man, imagine what you could do with a Unicode version of Whitespace? Yes, but how do we persuade the Python core devs to give us a decent implementation? Let's face it, according to our resident unicode expert, they can't get anything right about unicode. Easy. We get him to implement it. ChrisA Bingo, nail struck firmly on head with steam roller :) -- My fellow Pythonistas, ask not what our language can do for you, ask what you can do for our language. Mark Lawrence
Re: How security holes happen
On 05Mar2014 09:57, Chris Angelico ros...@gmail.com wrote: On Wed, Mar 5, 2014 at 9:48 AM, Marko Rauhamaa ma...@pacujo.net wrote: Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. The final Nirvana is reached with... No no no. The final Nirvana is achieved when you no longer write text at all, but simply edit an empty file. When you are done, the file is still empty, and you have truly reached nirvana. Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, it is evident that every program can be reduced to one instruction that does not work. - Ken Arnold Cheers, Cameron Simpson c...@zip.com.au -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On 03/03/2014 22:19, Cameron Simpson wrote: On 03Mar2014 09:17, Neal Becker ndbeck...@gmail.com wrote: Charles R Harris charlesr.har...@gmail.com Wrote in message: Imo the lesson here is never write in low level c. Use modern languages with well designed exception handling. What, and rely on someone else's low level C? Why is C the lowest denominator? Even with correctly written C and assembly, how can you be sure that your processor is executing the SYSRET instruction safely? (CVE-2012-0217 for anyone interested) ~Andrew -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
In article mailman..1393980007.18130.python-l...@python.org, Dennis Lee Bieber wlfr...@ix.netcom.com wrote: On Wed, 05 Mar 2014 00:48:40 +0200, Marko Rauhamaa ma...@pacujo.net declaimed the following: Ethan Furman et...@stoneleaf.us: Okay, that looks totally cool. Maybe I'll finally get a handle on LISP! :) Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. I first played with Lisp in 1976. The only time I ever used it for anything serious was an A/I course I took in the mid 80's. At the end of the semester, I was just starting to write things in Lisp (as opposed to writing C transliterated to Lisp syntax and keywords). It's already had 54 years to become a major language... Instead it has schismed into Common Lisp and Scheme (and a few other dialects) Python has had 23 years to become a major language... Instead it has schismed into Python 2.x and Python 3.x. [holding hands over ears to avoid the howls of derision, while ducking and running] -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On 2014-03-05 01:57, Roy Smith wrote: In article mailman..1393980007.18130.python-l...@python.org, Dennis Lee Bieber wlfr...@ix.netcom.com wrote: On Wed, 05 Mar 2014 00:48:40 +0200, Marko Rauhamaa ma...@pacujo.net declaimed the following: Ethan Furman et...@stoneleaf.us: Okay, that looks totally cool. Maybe I'll finally get a handle on LISP! :) Lisp is conceptually simpler than Python, but awe-inspiring. One day, it will overtake Python, I believe. I first played with Lisp in 1976. The only time I ever used it for anything serious was an A/I course I took in the mid 80's. At the end of the semester, I was just starting to write things in Lisp (as opposed to writing C transliterated to Lisp syntax and keywords). It's already had 54 years to become a major language... Instead it has schismed into Common Lisp and Scheme (and a few other dialects) Python has had 23 years to become a major language... Instead it has schismed into Python 2.x and Python 3.x. Into how many versions did Lisp split in its first 23 years? :-) [holding hands over ears to avoid the howls of derision, while ducking and running] -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Tuesday 04 March 2014 23:17:40 Andrew Cooper did opine: On 03/03/2014 22:19, Cameron Simpson wrote: On 03Mar2014 09:17, Neal Becker ndbeck...@gmail.com wrote: Charles R Harris charlesr.har...@gmail.com Wrote in message: Imo the lesson here is never write in low level c. Use modern languages with well designed exception handling. What, and rely on someone else's low level C? Why is C the lowest denominator? Even with correctly written C and assembly, how can you be sure that your processor is executing the SYSRET instruction safely? (CVE-2012-0217 for anyone interested) If you do not have the system tools to determine that, the system is seriously incomplete. Change os's, it's that simple when you are down to the bare metal. If I wanted to determine that was correct on the TRS-80 Color Computer 3 in the basement, running nitros9 right now, I would put 3 calls to F$RegDump in the assembly code, one in the caller as the last thing done before the call, one in the subroutine immediately in front of the return, and one as the first operation done when the return register image has been pulled from the stack. ~Andrew Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene NOTICE: Will pay 100 USD for an HP-4815A defective but complete probe assembly. -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
MRAB pyt...@mrabarnett.plus.com: Into how many versions did Lisp split in its first 23 years? :-) I'm partial to Scheme, but I'll take any version. If you had tried Python 30 years ago, you'd give it up for any serious work because it would be so slow and consume so much memory. C++ virtual functions used to be avoided because of performance reasons. These are truly amazing times for computing: Java, C#, Python etc are now mainstream, and advanced programming concepts like closures are available to and expected from run-of-the-mill code pushers. Java programmers were afflicted by XML and didn't know of anything better. They are now being exposed to Clojure. Python programmers are starting to see glimpses of a better world with ast.literal_eval(). So we are getting there. Give it a few more decades. Marko -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Tue, Mar 4, 2014 at 9:19 AM, Cameron Simpson c...@zip.com.au wrote: On 03Mar2014 09:17, Neal Becker ndbeck...@gmail.com wrote: Charles R Harris charlesr.har...@gmail.com Wrote in message: Imo the lesson here is never write in low level c. Use modern languages with well designed exception handling. What, and rely on someone else's low level C? Someone needs to port Python to LISP. And then write a LISP interpreter in JavaScript. And an ECMAScript engine in Pike. And a Pike interpreter in Java. And a Java run-time written in ActionScript. It's turtles all the way down... ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On 03Mar2014 09:17, Neal Becker ndbeck...@gmail.com wrote: Charles R Harris charlesr.har...@gmail.com Wrote in message: Imo the lesson here is never write in low level c. Use modern languages with well designed exception handling. What, and rely on someone else's low level C? -- Cameron Simpson c...@zip.com.au Hag:Two things you must know about the wise woman. First...she is a woman. Second...she is... Edmund Blackadder: Wise? Hag:Oh! You know her then? Edmund Blackadder: No, just a stab in the dark, which is what you'll be getting in a minute if you don't become more helpful. - Edmund Blackadder to Old Hag, Bells, BA2 -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On 03/03/2014 22:25, Chris Angelico wrote: On Tue, Mar 4, 2014 at 9:19 AM, Cameron Simpson c...@zip.com.au wrote: On 03Mar2014 09:17, Neal Becker ndbeck...@gmail.com wrote: Charles R Harris charlesr.har...@gmail.com Wrote in message: Imo the lesson here is never write in low level c. Use modern languages with well designed exception handling. What, and rely on someone else's low level C? Someone needs to port Python to LISP. And then write a LISP interpreter in JavaScript. And an ECMAScript engine in Pike. And a Pike interpreter in Java. And a Java run-time written in ActionScript. It's turtles all the way down... ChrisA Or write every language in Applescript which has 42 not very obvious ways of doing each and everything. -- My fellow Pythonistas, ask not what our language can do for you, ask what you can do for our language. Mark Lawrence -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Mon, Mar 3, 2014 at 2:25 PM, Chris Angelico ros...@gmail.com wrote: On Tue, Mar 4, 2014 at 9:19 AM, Cameron Simpson c...@zip.com.au wrote: On 03Mar2014 09:17, Neal Becker ndbeck...@gmail.com wrote: Charles R Harris charlesr.har...@gmail.com Wrote in message: Imo the lesson here is never write in low level c. Use modern languages with well designed exception handling. What, and rely on someone else's low level C? Someone needs to port Python to LISP. And then write a LISP interpreter in JavaScript. And an ECMAScript engine in Pike. And a Pike interpreter in Java. And a Java run-time written in ActionScript. It's turtles all the way down... You can go much simpler than that. Merely port Python to LISP, then write a LISP interpreter in Python. Done. Now, bootstrapping those interpreters might pose a bit of a challenge... ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Tue, Mar 4, 2014 at 9:55 AM, Chris Kaynor ckay...@zindagigames.com wrote: You can go much simpler than that. Merely port Python to LISP, then write a LISP interpreter in Python. Done. Actually, here's an easier way. Just write an 80x86 assembly language interpreter in Python, then port CPython to Python. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
In article mailman.7670.1393885170.18130.python-l...@python.org, Cameron Simpson c...@zip.com.au wrote: On 03Mar2014 09:17, Neal Becker ndbeck...@gmail.com wrote: Charles R Harris charlesr.har...@gmail.com Wrote in message: Imo the lesson here is never write in low level c. Use modern languages with well designed exception handling. What, and rely on someone else's low level C? Don't laugh. http://c2.com/cgi/wiki?TheKenThompsonHack -- https://mail.python.org/mailman/listinfo/python-list
Re: How security holes happen
On Tue, Mar 4, 2014 at 10:05 AM, Roy Smith r...@panix.com wrote: In article mailman.7670.1393885170.18130.python-l...@python.org, Cameron Simpson c...@zip.com.au wrote: On 03Mar2014 09:17, Neal Becker ndbeck...@gmail.com wrote: Charles R Harris charlesr.har...@gmail.com Wrote in message: Imo the lesson here is never write in low level c. Use modern languages with well designed exception handling. What, and rely on someone else's low level C? Don't laugh. http://c2.com/cgi/wiki?TheKenThompsonHack I don't think malicious interference with C compilers is the issue here, so much as the constant discovery of flaws in honestly-written C code. Currently, I'm porting a MUD client from C++ to Pike. On average, a hunk of code shrinks by about 50% during the translation, mainly because I can let memory management happen elsewhere. (Sometimes the difference is even more dramatic. I wrote my own binary tree in the C++ client, because the compiler I was targeting at the time didn't provide a suitable mapping type; now, I just call on the language's facilities, and it's more efficient and takes no code whatsoever. That's basically one entire module eliminated.) Along the way, I'm noticing myriad little issues around the place, where too much data would result in something being truncated (I was careful in most places to ensure that it couldn't blow the stack, although I certainly wouldn't bet money that I was perfect on that score), and the truncation could have unexpected results. Malformed data coming in over a TCP socket would eventually consume all the buffer space and then make the client think the other end had closed its connection. That one I knew about and didn't care, but there were others that were weird and esoteric and would *most likely* never happen. Writing low level code opens you up to a huge collection of weird behaviours that might, at best, become bug reports that you spend hours trying to solve. At worst, they become exploits. 
Yes, high level languages have their own attack vectors, but I'd much rather have the entire python-dev team working to solve my problems than me alone :) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
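The symptom described in the message above (malformed input fills a fixed buffer and the client then believes the peer hung up), as an added C example that is not from the original post or the MUD client. The mechanism shown (a zero-length read() returning 0 once the buffer is full), the 16-byte buffer, the pipe standing in for the TCP socket, and all names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum { LINE_OK = 1, PEER_CLOSED = 0, IO_ERROR = -1, LINE_TOO_LONG = -2 };
struct linebuf { char data[16]; size_t len; };   /* tiny on purpose */

/* Flawed: once the buffer is full the read size is 0, read() returns 0,
 * and that 0 is indistinguishable from a real end-of-stream. */
int fill_flawed(int fd, struct linebuf *b) {
    for (;;) {
        if (memchr(b->data, '\n', b->len)) return LINE_OK;
        ssize_t n = read(fd, b->data + b->len, sizeof b->data - b->len);
        if (n == 0) return PEER_CLOSED;
        if (n < 0) return IO_ERROR;
        b->len += (size_t)n;
    }
}

/* Checked: a full buffer with no newline is its own outcome, so the
 * caller can decide to drop the line or the peer deliberately. */
int fill_checked(int fd, struct linebuf *b) {
    for (;;) {
        if (memchr(b->data, '\n', b->len)) return LINE_OK;
        if (b->len == sizeof b->data) return LINE_TOO_LONG;
        ssize_t n = read(fd, b->data + b->len, sizeof b->data - b->len);
        if (n == 0) return PEER_CLOSED;
        if (n < 0) return IO_ERROR;
        b->len += (size_t)n;
    }
}

/* Feed constructed bytes through a pipe standing in for the TCP socket. */
int run_case(int (*fill)(int, struct linebuf *), const char *wire, int peer_closes) {
    int p[2], r;
    struct linebuf b = { .len = 0 };
    if (pipe(p) != 0) return IO_ERROR;
    if (write(p[1], wire, strlen(wire)) < 0) { close(p[0]); close(p[1]); return IO_ERROR; }
    if (peer_closes) close(p[1]);
    r = fill(p[0], &b);
    close(p[0]);
    if (!peer_closes) close(p[1]);
    return r;
}

int main(void) {
    const char *junk = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed: 40 bytes, no newline */
    printf("flawed:  %d\n", run_case(fill_flawed, junk, 0));
    printf("checked: %d\n", run_case(fill_checked, junk, 0));
    return 0;
}
```

In both calls the writing end is still open, so only the checked reader reports what actually happened.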