August 11th, 2004

  • evan

browsers, open source detachment

It's not like browsers other than IE are not buggy by virtue of not being Microsoft products. Unfortunately, I think only programmers really understand this, so the Firefox cheerleading continues by bloggers everywhere. I guess it is more secure by virtue of being 1% of the market. Maybe they'll drop enough money eventually to learn to be very careful, but I doubt it.
(I expect that the major security difference of Firefox is that C++ness helps prevent buffer overflows. Someone observed in my C security class that most/all of these efforts to statically detect buffer overflows wouldn't be necessary if they just used C++ strings.)

I was using Safari at the Mozilla developer day. My day-friend Casey pointed out that was probably bad form, so I downloaded Firefox. But minor things just got on my nerves and I switched back.

I've found since coming to Google that I've suddenly become uninterested in a whole division of free software. Now that GNOME/KDE have figured out the technical issues of widgets and windows and international text, what separates free software UIs from professional ones are integration and usability, two things free software tends to suck at. They're also problems that are more social: I understand that good design/usability is hard and also an engineering discipline, but they're not really for me. I still find lower level stuff like memcached, cairo, freebsd, etc. fascinating, but I find myself just skimming the GNOME lists now. As everyone else says: I mostly just want stuff to work. (I still use Debian because I've still never encountered something that just works as well as Debian's apt.)

It probably helps that at work I modify code so far below the search it's rarely even seen by other engineers, let alone users.
  • evan

in nondefense of C++

Sorry for the C++ comment: I meant it helps with the trivial sort of buffer overflows (strcpy versus strncpy) that I think Microsoft still falls victim to. Daniel Weise (who apparently has left MS now) gave a presentation (590dg class, again) about their extensions to C to have functions allow relating the "char *str" and "int len" arguments and to do some bounds-checking and his amount of success getting Microsoft to use it internally.

There certainly are all sorts of security problems other than that. But I recall IE bugs from stuff like "if you click on a URL [of a certain form] that's too long", which pretty much screams fixed-length buffer to me.
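
An added example, not part of the original post: the fixed-length-buffer case in C, showing that swapping strcpy for strncpy bounds the write but can leave the buffer unterminated, next to a copy that keeps the pointer and its length together and rejects input that does not fit. The names `URL_BUF`, `strncpy_terminated` and `copy_url` and the sample URLs are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF 16  /* deliberately small fixed-length buffer (constructed) */

/* The unsafe pattern is `char buf[URL_BUF]; strcpy(buf, url);` which trusts
 * url to fit. It is described here only; it is never called. */

/* strncpy bounds the write but leaves dst unterminated when src fills it.
 * Returns 1 if dst holds a NUL within dst_len bytes afterwards, else 0. */
int strncpy_terminated(char *dst, size_t dst_len, const char *src)
{
    memset(dst, 'X', dst_len);      /* make a missing NUL observable */
    strncpy(dst, src, dst_len);
    return memchr(dst, '\0', dst_len) != NULL;
}

/* Hypothetical helper: buffer and length travel together, and input that
 * does not fit is rejected instead of silently truncated.
 * Returns 0 on success, -1 if src plus its NUL exceeds dst_len. */
int copy_url(char *dst, size_t dst_len, const char *src)
{
    size_t n;

    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    n = strlen(src);
    if (n >= dst_len) {             /* no room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);        /* copies the NUL as well */
    return 0;
}

int main(void)
{
    char buf[URL_BUF];
    const char *fits = "http://a.test/";                 /* 14 chars */
    const char *too_long = "http://a.test/aaaaaaaaaaaaaaaa"; /* 30 chars */

    printf("strncpy terminated, short: %d\n", strncpy_terminated(buf, sizeof buf, fits));
    printf("strncpy terminated, long:  %d\n", strncpy_terminated(buf, sizeof buf, too_long));
    printf("copy_url, short: %d\n", copy_url(buf, sizeof buf, fits));
    printf("copy_url, long:  %d\n", copy_url(buf, sizeof buf, too_long));
    return 0;
}
```
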
  • evan

sapir whorf

A random discussion with Matt led (as all discussions inevitably lead) to wikipedia: Sapir-Whorf Hypothesis, which turns out to have a sorta amusing section on programming languages. (I detect a hint of bitterness in there about imperative languages... :P)