| 1 |
[I have stripped all mention of capitalisation, as it is off-topic here. |
| 2 |
However, a seeming lack of competence in English will lead people to believe |
| 3 |
that the incompetence also leaks into the code. This is especially true when |
| 4 |
this lack of writing competence is intentional.] |
| 5 |
|
| 6 |
On Sun, Jul 19, 2020 at 07:30:39AM +0000, Caveman Al Toraboran wrote: |
| 7 |
> i'm not universally against c++, but i'm against |
| 8 |
> it for a passwords manager, because it needlessly |
| 9 |
> re-invents many wheels including memory management |
| 10 |
> which is already done in other languages, such as |
| 11 |
> python. and a passwords manager is too critical |
| 12 |
> to risk re-inventing such wheels. |
| 13 |
|
| 14 |
Just because something is not strongly typed and does not perform automatic |
| 15 |
garbage-collection (which is very insecure for something like a password- |
| 16 |
manager anyway), does not mean it is reinventing any wheels. It just forces |
| 17 |
people to design their programs properly; weak typing is the absolute worst |
| 18 |
feature of all these modern languages. |
| 19 |
|
| 20 |
> and keepassxc is full of segfaults [1] |
| 21 |
> [1] https://github.com/keepassxreboot/keepassxc/issues?q=segfault |
| 22 |
|
| 23 |
There are no open issues regarding segmentation violations. There may have been |
| 24 |
at some point, but that is why I keep mentioned that the project is matured. |
| 25 |
|
| 26 |
> true, but that's not my point. my point is the |
| 27 |
> increased complexity by itself, from an |
| 28 |
> occam-razorian point of view. |
| 29 |
|
| 30 |
Occam's Razor does not always apply. For example, forcing people to enter their |
| 31 |
plain-text passwords on the command-line may be simpler than polling stdin, but, |
| 32 |
surprisingly, it is not the best solution. |
| 33 |
|
| 34 |
> this is a logical consequence that follows once |
| 35 |
> you accept that every assumption has a positive |
| 36 |
> probability of error, by definition. |
| 37 |
> |
| 38 |
> then fancier build setup is effectively equivalent |
| 39 |
> to requiring more assumptions. |
| 40 |
|
| 41 |
You are now against _all_ languages which run as native code (require a compiler |
| 42 |
or linker/build system) ? Just because you did not personally write the Python |
| 43 |
interpreter does not make it non-existent, and thus simple. If you want to write |
| 44 |
something minimalistic and ultra-simple, why don't you use Assembly language |
| 45 |
(semi-serious suggestion) ? I assure you, that is far simpler and lightweight |
| 46 |
than _invoking Python for every run_ ! |
| 47 |
|
| 48 |
Executing ./nsapass without any arguments takes around 0.054 seconds, whereas my |
| 49 |
euses implementation (written in C) takes 0.002 seconds to open, buffer, search, |
| 50 |
and close tens of multi-thousand-line USE-flag description files, in addition to |
| 51 |
parsing a few INI files. Please, do not attack compiled languages too much; they |
| 52 |
are not going anywhere for a long time. |
| 53 |
|
| 54 |
> true. in some apps c/c++ is superior thanks to |
| 55 |
> performance or lower level system management. |
| 56 |
|
| 57 |
I think in virtually every case, well-designed code written in native languages |
| 58 |
have an extreme performance benefit. The one counterexample might be Java (not |
| 59 |
interpreted; JIT'd on-the-fly), as that has matured over such a long period of |
| 60 |
time [1]. |
| 61 |
|
| 62 |
> no. thats a strawman. you're ignoring the |
| 63 |
> context: passwords manager. i'm sayin, c++ is an |
| 64 |
> overkill for a passwords manager. |
| 65 |
|
| 66 |
It's such a general-purpose language, it's not really "overkill" for anything. |
| 67 |
Maybe an operating system or device driver, yes, but not a userspace QT |
| 68 |
application ! You seem to be under the misguided impression that C and C++ are |
| 69 |
low-level languages ? |
| 70 |
|
| 71 |
> but c++ for a passwords manager? nothx, i don't |
| 72 |
> want to risk funny memory bugs around my dear |
| 73 |
> passwords. |
| 74 |
|
| 75 |
You are capitalising (no pun intended) on this issue of memory-management, but |
| 76 |
aside from a search for the term "segfault" on the KeePassXC GitHub issues page, |
| 77 |
you have no evidence to suggest that your code improves upon these non-existent |
| 78 |
problems. It _is_ possible to write code in C/C++ which does not have memory |
| 79 |
violations; you just need to know what you're accessing is valid, and perform |
| 80 |
proper testing to make sure. |
| 81 |
|
| 82 |
> > If people look at the image and don't read the text, then they will be |
| 83 |
> > misinformed. |
| 84 |
> |
| 85 |
> i don't see where is the misinformation. it's all |
| 86 |
> around occam's razor and characters approved by |
| 87 |
> the unicode consortium. |
| 88 |
|
| 89 |
Because the GitHub-generated distribution of languages is simply incorrect. |
| 90 |
There is no C in this project. Additionally, the fact that someone dare use a |
| 91 |
Makefile for their C++ project is not really cause for concern. The fact that |
| 92 |
someone would write almost four-hundred lines of Python with zero comments (not |
| 93 |
even Python docstrings to describe functions), is a concern for me. You keep |
| 94 |
mentioning how it's very easy to audit, but you certainly provide a hard time |
| 95 |
for the auditor. |
| 96 |
|
| 97 |
> > If you want to be creative, invent a new algorithm or program that is |
| 98 |
> > indubitably superior to its predecessor, much like chip designers are doing |
| 99 |
> > today. People will appreciate and respect new, beneficial ideas much more |
| 100 |
> > than a few layers of free clip-art put together in GIMP. |
| 101 |
> |
| 102 |
> not mutually exclusive, and 2nd part is strawman |
| 103 |
> (nsapass is more than layers of GIMP; the layers |
| 104 |
> of GIMP is only part of the README.md content for |
| 105 |
> honest and to the point dissemination of content). |
| 106 |
|
| 107 |
It is not a strawman argument. You do not have any grounds to say that the |
| 108 |
KeePassXC model is overly complex, just because it is written in C++ with a few |
| 109 |
build utilities attached, and suggesting that it is a poorly coded/designed |
| 110 |
application based solely on this groundless assertion is inappropriate. |
| 111 |
|
| 112 |
> thanks for trying. highly appreciate your time |
| 113 |
> and efforts. but tbh there is no way i see to |
| 114 |
> justify re-invented wheels in c++ for a passwords |
| 115 |
> manager. |
| 116 |
|
| 117 |
Which wheel has been reinvented for KeePassXC ? Unless I'm missing something, |
| 118 |
and they've rewritten malloc(3), you seem to think that "reinventing the wheel" |
| 119 |
is synonymous with good design and careful memory-management. The fact that the |
| 120 |
environment (in this case, the O.S.) does not do that for you does not mean the |
| 121 |
developers are reinventing anything. |
| 122 |
|
| 123 |
> looks like an appeal to authority. plus that |
| 124 |
> gentoo dev's quote is wrong. |
| 125 |
|
| 126 |
Gentoo developers have no authority over this matter. |
| 127 |
|
| 128 |
> the key is not to have a "different" view. the |
| 129 |
> key is to be open minded to explore different |
| 130 |
> views in order to discover the "correct" view, |
| 131 |
> then stick to it, while still being open to look |
| 132 |
> around. but once you find the correct view, you |
| 133 |
> don't leave it for the sake of adopting a |
| 134 |
> different view. |
| 135 |
|
| 136 |
Perhaps... I'm not too sure how to respond to such a statement. If you are going |
| 137 |
to accuse me of being closed-minded because I (try to) use correct English and |
| 138 |
(try to) write careful and performant code, I'm don't think that this thread |
| 139 |
should continue. |
| 140 |
|
| 141 |
Cheers, |
| 142 |
Ashley. |
| 143 |
|
| 144 |
-- |
| 145 |
|
| 146 |
Ashley Dixon |
| 147 |
suugaku.co.uk |
| 148 |
|
| 149 |
2A9A 4117 |
| 150 |
DA96 D18A |
| 151 |
8A7B B0D2 |
| 152 |
A30E BF25 |
| 153 |
F290 A8AA |
Archives