Remote root hole in Samba

Posted Apr 11, 2012 15:12 UTC (Wed) by jreiser (subscriber, #11027)
In reply to: Remote root hole in Samba by lopgok
Parent article: Remote root hole in Samba

> There is, in general, no excuse to write complete programs in C/C++ or other languages where buffer overflows are trivial.

Not only are there valid excuses, there are good reasons. Programming is an economic art with differing valuation functions, some of which are time-varying. You may promote the valuations you prefer, but others may promote theirs.


Remote root hole in Samba

Posted Apr 11, 2012 17:06 UTC (Wed) by lopgok (guest, #43164)

In terms of economics there is no justification for writing an entire program in C. Time to develop, difficulty to maintain, lines of code, and security all point away from using C/C++.

Perhaps you should read Paul Graham about writing a web app for shopping carts. http://www.paulgraham.com/avg.html

Remote root hole in Samba

Posted Apr 11, 2012 18:13 UTC (Wed) by khim (subscriber, #9252)

> In terms of economics there is no justification for writing an entire program in C. Time to develop, difficulty to maintain, lines of code, and security all point away from using C/C++.

This depends on your needs, really. How many OS kernels can you name written in Haskell? How many modern web browsers are out there written in Lisp or even Java?

> Perhaps you should read Paul Graham about writing a web app for shopping carts. http://www.paulgraham.com/avg.html

Yeah. That's a good article. But you don't really need the whole behemoth. The single first footnote is more than enough:

> Viaweb at first had two parts: the editor, written in Lisp, which people used to build their sites, and the ordering system, written in C, which handled orders. The first version was mostly Lisp, because the ordering system was small. Later we added two more modules, an image generator written in C, and a back-office manager written mostly in Perl.
>
> In January 2003, Yahoo released a new version of the editor written in C++ and Perl. It's hard to say whether the program is no longer written in Lisp, though, because to translate this program into C++ they literally had to write a Lisp interpreter: the source files of all the page-generating templates are still, as far as I know, Lisp code. (See Greenspun's Tenth Rule.)

Erlang, Haskell, Lisp and other exotic languages work just fine for a startup (indeed they may be more effective than C/C++ depending on the task), but they don't scale. The very simple fact that you need someone with an exotic skillset to develop such a thing means that when you grow beyond the startup phase you need to redo the thing in some other language… and you often lose so much in transition that sometimes your initial lead is not enough to survive.

And if you are not a startup then it's easier to use a language familiar to the people in your company rather than to try to find or train someone to use Scheme or something similar… which means C/C++ is often a pretty damn good choice (if not the best one).

Remote root hole in Samba

Posted Apr 11, 2012 21:20 UTC (Wed) by lopgok (guest, #43164)

So what percentage of Google is written in C/C++?
I have heard it is mostly Java, Python, and C/C++ in third place.
Notice that Java and Python have
1) bounds-checked arrays
2) memory management

I don't think that Google is a startup anymore.

According to you, they should write everything in C/C++ because it is easier to find people who already know it.

I believe that Gmail is all Python...

Remote root hole in Samba

Posted Apr 11, 2012 22:36 UTC (Wed) by khim (subscriber, #9252)

> So what percentage of Google is written in C/C++?

A lot. I'm not sure I can disclose the precise numbers, but most performance-critical pieces (such as search or ads where every saved millisecond can be translated directly to revenue) are written in C++.

> I have heard it is mostly Java, Python, and C/C++ in third place.

Nope. Python was never used for anything “heavy”. I think the heaviest Python-based application is still Mondrian. Python is used for monitoring, for creation of reports, that kind of stuff.

When Google was a startup it created a plethora of languages (things like Sawzall), and new DSLs are introduced from time to time, but the main pillars are still C++ and Java.

> I don't think that Google is a startup anymore.

Yup. That's why it uses industry-standard languages now.

> According to you, they should write everything in C/C++ because it is easier to find people who already know it.

Bingo! They do! Of course Java is even more popular thus less performance-critical pieces are written in Java.

> I believe that Gmail is all Python...

Well, the last time I worked with the GMail codebase was about three years ago and it was a C++ backend and Java (and obviously JavaScript) in the frontend. I know they did an extensive redesign after that time so I'm not fully sure about the current split between Java and C++, but no, Python was never under consideration. Beyond monitoring and report tools, that is.
