LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

GNU sed 4.2.2 released; maintainer resigns

GNU sed 4.2.2 released; maintainer resigns

Posted Dec 24, 2012 20:09 UTC (Mon) by khim (subscriber, #9252)
In reply to: GNU sed 4.2.2 released; maintainer resigns by landley
Parent article: GNU sed 4.2.2 released; maintainer resigns

Scripting languages like python, ruby, lua, and so on abstract away memory management and type conversions, providing opaque abstractions that you can use without caring how they're implemented.

This is only true if you don't care about the ability to actually use said program or when all the inputs are non-hostile. That's why scripting languages are good for software development and awful for anything else.

Is a dictionary a hash table or a tree?

…say you to yourself and happily use them everywhere. Ten days after release your service is killed by a well-crafted attack and you suddenly need to urgently redo everything while your company is rapidly losing money.

Is the garbage collector mark and sweep or reference counting?

You may not care till your circular structures fill all the memory (if that's reference counting GC and you “don't know and don't care about that”) or, alternatively, till all your backends are tied by the uncollected “Connection” objects and your site no longer accessible.

It doesn't matter, it just works.

…till it does not. Sorry, but all the scripting languages are unbelievably leaky.

Most of the complexity of C programs comes from the program. A significant part of the complexity of C++ programs comes from the language.

This is true for most higher-level languages, not just for C++. And C++ is, in fact, one of the best ones. In my own practice it's much easier to tame C++ compiler rather then JVM's histrionics (and let's not even try to talk about Python). With C++ quite often you find out that code which should compile for some reason refuses do to so, or sometimes it does something strange, but rarely code does what you need in tests but falls apart under real load while “great” scripting languages tend to behave this way regularly.

(Log in to post comments)

GNU sed 4.2.2 released; maintainer resigns

Posted Dec 27, 2012 23:09 UTC (Thu) by marcH (subscriber, #57642) [Link]

> > Is a dictionary hash table or a tree?

> …say you to yourself and happily use them everywhere. Ten days after release your service is killed by a well-crafted attack [link to Python hash collision security issue] and you suddenly need to urgently redo everything [huh, why "everything"?!]

Are you seriously saying that you'd rather deal with the gazillion of security and obfuscation issues that every junior/average engineer in your team routinely leaves in your product (since most of them don't understand C++), as opposed to simply patching a successful, massively used, open source and well maintained external component?

At least for this example you must have been kidding.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds