1 |
[I have stripped all mention of capitalisation, as it is off-topic here. |
2 |
However, a seeming lack of competence in English will lead people to believe |
3 |
that the incompetence also leaks into the code. This is especially true when |
4 |
this lack of writing competence is intentional.] |
5 |
|
6 |
On Sun, Jul 19, 2020 at 07:30:39AM +0000, Caveman Al Toraboran wrote: |
7 |
> i'm not universally against c++, but i'm against |
8 |
> it for a passwords manager, because it needlessly |
9 |
> re-invents many wheels including memory management |
10 |
> which is already done in other languages, such as |
11 |
> python. and a passwords manager is too critical |
12 |
> to risk re-inventing such wheels. |
13 |
|
14 |
Just because something is not strongly typed and does not perform automatic |
15 |
garbage-collection (which is very insecure for something like a password- |
16 |
manager anyway), does not mean it is reinventing any wheels. It just forces |
17 |
people to design their programs properly; weak typing is the absolute worst |
18 |
feature of all these modern languages. |
19 |
|
20 |
> and keepassxc is full of segfaults [1] |
21 |
> [1] https://github.com/keepassxreboot/keepassxc/issues?q=segfault |
22 |
|
23 |
There are no open issues regarding segmentation violations. There may have been |
24 |
at some point, but that is why I keep mentioned that the project is matured. |
25 |
|
26 |
> true, but that's not my point. my point is the |
27 |
> increased complexity by itself, from an |
28 |
> occam-razorian point of view. |
29 |
|
30 |
Occam's Razor does not always apply. For example, forcing people to enter their |
31 |
plain-text passwords on the command-line may be simpler than polling stdin, but, |
32 |
surprisingly, it is not the best solution. |
33 |
|
34 |
> this is a logical consequence that follows once |
35 |
> you accept that every assumption has a positive |
36 |
> probability of error, by definition. |
37 |
> |
38 |
> then fancier build setup is effectively equivalent |
39 |
> to requiring more assumptions. |
40 |
|
41 |
You are now against _all_ languages which run as native code (require a compiler |
42 |
or linker/build system) ? Just because you did not personally write the Python |
43 |
interpreter does not make it non-existent, and thus simple. If you want to write |
44 |
something minimalistic and ultra-simple, why don't you use Assembly language |
45 |
(semi-serious suggestion) ? I assure you, that is far simpler and lightweight |
46 |
than _invoking Python for every run_ ! |
47 |
|
48 |
Executing ./nsapass without any arguments takes around 0.054 seconds, whereas my |
49 |
euses implementation (written in C) takes 0.002 seconds to open, buffer, search, |
50 |
and close tens of multi-thousand-line USE-flag description files, in addition to |
51 |
parsing a few INI files. Please, do not attack compiled languages too much; they |
52 |
are not going anywhere for a long time. |
53 |
|
54 |
> true. in some apps c/c++ is superior thanks to |
55 |
> performance or lower level system management. |
56 |
|
57 |
I think in virtually every case, well-designed code written in native languages |
58 |
have an extreme performance benefit. The one counterexample might be Java (not |
59 |
interpreted; JIT'd on-the-fly), as that has matured over such a long period of |
60 |
time [1]. |
61 |
|
62 |
> no. thats a strawman. you're ignoring the |
63 |
> context: passwords manager. i'm sayin, c++ is an |
64 |
> overkill for a passwords manager. |
65 |
|
66 |
It's such a general-purpose language, it's not really "overkill" for anything. |
67 |
Maybe an operating system or device driver, yes, but not a userspace QT |
68 |
application ! You seem to be under the misguided impression that C and C++ are |
69 |
low-level languages ? |
70 |
|
71 |
> but c++ for a passwords manager? nothx, i don't |
72 |
> want to risk funny memory bugs around my dear |
73 |
> passwords. |
74 |
|
75 |
You are capitalising (no pun intended) on this issue of memory-management, but |
76 |
aside from a search for the term "segfault" on the KeePassXC GitHub issues page, |
77 |
you have no evidence to suggest that your code improves upon these non-existent |
78 |
problems. It _is_ possible to write code in C/C++ which does not have memory |
79 |
violations; you just need to know what you're accessing is valid, and perform |
80 |
proper testing to make sure. |
81 |
|
82 |
> > If people look at the image and don't read the text, then they will be |
83 |
> > misinformed. |
84 |
> |
85 |
> i don't see where is the misinformation. it's all |
86 |
> around occam's razor and characters approved by |
87 |
> the unicode consortium. |
88 |
|
89 |
Because the GitHub-generated distribution of languages is simply incorrect. |
90 |
There is no C in this project. Additionally, the fact that someone dare use a |
91 |
Makefile for their C++ project is not really cause for concern. The fact that |
92 |
someone would write almost four-hundred lines of Python with zero comments (not |
93 |
even Python docstrings to describe functions), is a concern for me. You keep |
94 |
mentioning how it's very easy to audit, but you certainly provide a hard time |
95 |
for the auditor. |
96 |
|
97 |
> > If you want to be creative, invent a new algorithm or program that is |
98 |
> > indubitably superior to its predecessor, much like chip designers are doing |
99 |
> > today. People will appreciate and respect new, beneficial ideas much more |
100 |
> > than a few layers of free clip-art put together in GIMP. |
101 |
> |
102 |
> not mutually exclusive, and 2nd part is strawman |
103 |
> (nsapass is more than layers of GIMP; the layers |
104 |
> of GIMP is only part of the README.md content for |
105 |
> honest and to the point dissemination of content). |
106 |
|
107 |
It is not a strawman argument. You do not have any grounds to say that the |
108 |
KeePassXC model is overly complex, just because it is written in C++ with a few |
109 |
build utilities attached, and suggesting that it is a poorly coded/designed |
110 |
application based solely on this groundless assertion is inappropriate. |
111 |
|
112 |
> thanks for trying. highly appreciate your time |
113 |
> and efforts. but tbh there is no way i see to |
114 |
> justify re-invented wheels in c++ for a passwords |
115 |
> manager. |
116 |
|
117 |
Which wheel has been reinvented for KeePassXC ? Unless I'm missing something, |
118 |
and they've rewritten malloc(3), you seem to think that "reinventing the wheel" |
119 |
is synonymous with good design and careful memory-management. The fact that the |
120 |
environment (in this case, the O.S.) does not do that for you does not mean the |
121 |
developers are reinventing anything. |
122 |
|
123 |
> looks like an appeal to authority. plus that |
124 |
> gentoo dev's quote is wrong. |
125 |
|
126 |
Gentoo developers have no authority over this matter. |
127 |
|
128 |
> the key is not to have a "different" view. the |
129 |
> key is to be open minded to explore different |
130 |
> views in order to discover the "correct" view, |
131 |
> then stick to it, while still being open to look |
132 |
> around. but once you find the correct view, you |
133 |
> don't leave it for the sake of adopting a |
134 |
> different view. |
135 |
|
136 |
Perhaps... I'm not too sure how to respond to such a statement. If you are going |
137 |
to accuse me of being closed-minded because I (try to) use correct English and |
138 |
(try to) write careful and performant code, I'm don't think that this thread |
139 |
should continue. |
140 |
|
141 |
Cheers, |
142 |
Ashley. |
143 |
|
144 |
-- |
145 |
|
146 |
Ashley Dixon |
147 |
suugaku.co.uk |
148 |
|
149 |
2A9A 4117 |
150 |
DA96 D18A |
151 |
8A7B B0D2 |
152 |
A30E BF25 |
153 |
F290 A8AA |