Performance comparison

David Ross <drossruby@yahoo.com> writes:

Yes, that is the 20 million story. I smile at that one
still. Someone please fwap() me if I ever make a
release with a bug like that

It is equally important in any language that mistakes
are not made like this. They are very dangerous. I am
curious on the print functions in Ruby as to if the
ones that are unsafe to use in certain applicatoins
are equally unsafe in Ruby. Of course gets() is
unsafe, it is in every language.

Huh? Why?

I'm seeing something different actually. Students in
my class (computer
science), are more interested in ruby. Absolute
beginners on the other
hand (not schooled in "thinking about special
conditions and error
handling"), tend to rather grab a "C++ in 21 days"
book, or a "Java for
dummies book". Not because they plan to write huge
programs, or need the
speed, but just because others use it. Suggest
beginning with ruby, and
they just say "never heard of it, so I won't
bother".

I try not to go with "fad" languages like Java. It was
*horrible* just trying to read a java book comming
from C/C++ background. *shrug*

Yes people do use the language that is the current
fad. People are forced to use a language in college,
and they usually stick with that language without
trying others. It makes me sick!

I have been through many books and languages. I start
talking to other people and they go, "huh?"

I wish there were more people to talk to on the
intelectual programming level around my area, because
most people around here use.. *dumm dummm DUMMMM*
Microsoft Visual Studio .NET VB and C*. Same with all
the businesses in this location.. except maybe Oak
Ridge Labs

Martin DeMello <martindemello@yahoo.com> writes:

I might disagree with lothar on some points, but this
time he is right. Using a dynamic language you don't
running in to problems you would with other languages
like C. The common script languages have protections
for thier programmers, and I find it most difficult to
trust other peoples code at most. The more you use
"safer" languages, the less you are able to learn
about the problems. The less you learn about problems
the less you tend to not think about several methods
of programming and your skills are not as good as a C
programmer.

Ruby certainly does reduce programming time, but reeks
in performance. Its not as simple as to "send
patches". The ruby design is fine, and most likely
will lways be improving.

C programmers have to think more about design and
safety. With Most scripting languages which have
safety protection force the programmer not to even
think about the underlying code. With this, this is
the proof of why scripting language programmers are
not as good as per sey.. C programmers. I am sure this
is what lothar was meaning by "But to be honest i
think the most people using script languages are not
very good programmers"

Hello Alexey,

So far, I don't know any easy way to do the same with Ruby, so I end up
inserting things like "puts <expression>.inspect" and rerunning the
test. Which is not as nice as an interactive shell. Does anyone have a
better way?

My Arachno Ruby IDE will have this feature in it's 0.4 version. But it
is already available in the default ruby console debugger. You can simply
evaluate all statements and even redefine methods by cut&paste from your editor
after a breakpoint is hit.

We already had a longer discussion here if it is possible and good to
write an environment that acts more like a Lisp/Smalltalk image. But
i'm still not sure if this is the right way for a language like Ruby.

Alexey Verkhovsky wrote:

To me, the biggest problem with using irb in this mode is the "set up
some context" part.

Believe it or not, but it is quite easy to do with Eclipse/Java: one can
set a breakpoint, execute some test, wait till debugger stops on the
breakpoint, and then use Eclipse "Display" view to evaluate arbitrary
Java expressions in the current scope.

So far, I don't know any easy way to do the same with Ruby, so I end up
inserting things like "puts <expression>.inspect" and rerunning the
test. Which is not as nice as an interactive shell. Does anyone have a
better way?

I've done a quick implementation of breakpoints that will spawn an irb session at the point of the break point in your application yesterday. I've attached it.

Regards,
Florian Gross

breakpoint.rb (2.8 KB)

binding_of_caller.rb (2.14 KB)

Hello,

Try "irb --noprompt".

To me, the biggest problem with using irb in this mode is the "set up
some context" part.

Believe it or not, but it is quite easy to do with Eclipse/Java: one can
set a breakpoint, execute some test, wait till debugger stops on the
breakpoint, and then use Eclipse "Display" view to evaluate arbitrary
Java expressions in the current scope.

So far, I don't know any easy way to do the same with Ruby, so I end up
inserting things like "puts <expression>.inspect" and rerunning the
test. Which is not as nice as an interactive shell. Does anyone have a
better way?

In addition, to Florian Gross' nice technique, you could also use the
Ruby Debugger instead of IRB.
Just run your program with "ruby -r debug yourprog.rb". Even better,
if you use Emacs, is the ruby debugger mode for it "M-x rubydb".
Of course, this is not as transparent as Eclipse...

Cheers,
Zev

Its common security knowledge gets() is unsafe. It has
no bounds checking. I only talk about security and
ease of use. Its the only thing I like to talk about.

I love security.

The gets() function cannot be used securely. Because
of its lack of
     bounds checking, and the inability for the
calling program to reliably
     determine the length of the next incoming line,
the use of this function
     enables malicious users to arbitrarily change a
running program's func-
     tionality through a buffer overflow attack.

David Ross <drossruby@yahoo.com> writes:

> > But to be honest i think the most people using
> > script languages are not
> > very good programmers. This has to do that they
> > are very good beginner
> > languages for non technical persons who wants to
> > see results instead of
> > learning a theory first.
>
> So you know most programmers using script languages,
> AND their skills as a
> programmer? Wow, you have amazing insights!
>

[...]

C programmers have to think more about design and
safety.

You assume that most C software is well-designed and secure. The
opposite is true.

With Most scripting languages which have safety protection force the
programmer not to even think about the underlying code. With this,
this is the proof of why scripting language programmers are not as
good as per sey.. C programmers.

You assume that good programmers design with machine-code in mind;
again, the opposite is true.

I am sure this is what lothar was meaning by "But to be honest i think
the most people using script languages are not very good programmers"

And I agree. Additionally, most people using non-script languages are
shoddy programmers, too.

Hmmm... this sort of reminds me of a post I saw once of someone stating
that if you didn't write your win32 programs in assembly you were going
for the easy option and weren't _really_ a good programmer as you
weren't thinking performance.
I'm very far from considering myself as the prime example of a great
programmer:) , however I'm sure that ruby has taught me a lot,
especially in OO and general design of code. If using C or C++ I simply
go for the "shortest route" possible to get results. In ruby it's not
so. It's so flexible and encouraging that you actually _want_ to think
of various possibilities to solve a problem and find the best fit (short
term and long term).
It also depends on what your definition of a good programmer is. When I
see someone doing all their web development in C (yes I've seen that), I
don't think "what a great programmer, he can do the hardcore stuff". I
think, "why on earth is he using the wrong tools". There's no way I
would hire such a person, they don't have one of the basic qualities of
being a programmer: laziness.
Of course I have to agree that I'd have serious doubts about anyone who
had only ever used scripting languages, as it points to either
disinterest in programming or a beginner.

  -Daniel

LOL. Next time I make a wish on ruby-talk, I should remember that
fairies are reading it, too

Thanks a lot!

Alex

For me, programming languages are like tools. A good tradesman uses the
right tools for the job. The right tool is the one that makes works best
to achieve the desired outcome. A bad tradesman only is best described as
the one who uses a hammer to put in a screw, 'cause they only know how to
use hammers, not screw drivers.

Ofcourse, real programmers use microcode, ASM and FORTH.

Test/Unit Reporter publishes results of test/unit test suite execution
in HTML and other formats.

Current implementation includes two formatters:
                                                                                                                             * HTML formatter produces an HTML report. Sample report for Rake unit tests can be seen here: http://test-report.rubyforge.org/rake-report/index.html

* XML formatter formats test suite results in an XML file, using the
same format as Ant junit task. This output then can be passed to Ant
junitreport task to produce an HTML report, or otherwise
analyzed/processed with an XML parser.

You can download Test/Unit Reporter from
http://rubyforge.org/projects/test-report/

Hopefully some people will find it useful.

Since this is my first open-source Ruby project, packaging in this
release is spartan ("non-existent" may be more accurate). I am willing
to put some effort into it, but it's a lot of gadgets to learn. Any help
or advice from someone with expertise in these matters would be highly
appreciated.

Best regards,
Alexey Verkhovsky

David Ross wrote:

Its common security knowledge gets() is unsafe. It has
no bounds checking. I only talk about security and
ease of use. Its the only thing I like to talk about.

I love security.

from my manpages-- SECURITY CONSIDERATIONS
The gets() function cannot be used securely. Because
of its lack of
     bounds checking, and the inability for the
calling program to reliably
     determine the length of the next incoming line,
the use of this function
     enables malicious users to arbitrarily change a
running program's func-
     tionality through a buffer overflow attack.

To clarify, then: David, you are talking about the C 'gets()' function, correct? I agree that it should be avoided at all costs. However, Ruby's "gets()" function does not map directly to a C "gets()" invocation -- it does a lot more work, including bounds checking. Thus, saying "gets() is unsafe in every language" is rather misleading. I won't say it is "safe" in Ruby, since I'm not an expert in this area, but it is certainly not as hazardous to use as in vanilla C code.

(Someone please flame me gently if I've mispoken anything grossly regarging Ruby's internals...)

- Jamis

David Ross <drossruby@yahoo.com> writes:

Its common security knowledge gets() is unsafe. It has
no bounds checking. I only talk about security and
ease of use. Its the only thing I like to talk about.

I love security.

from my manpages-- SECURITY CONSIDERATIONS
The gets() function cannot be used securely. Because
of its lack of
     bounds checking, and the inability for the
calling program to reliably
     determine the length of the next incoming line,
the use of this function
     enables malicious users to arbitrarily change a
running program's func-
     tionality through a buffer overflow attack.

---------

There are many other insecure function calls. The
knowledge on how to use them properly is very nice to
have. Which most people lack. Also using printf() for
certain types of usage can lead to exploits. buffer
overflow problems, etc.

btw, I am a BSD dragon. So expect to get information
like this from me

I bite, be careful

I don't see how the safety of the corresponding C functions is relevant;
we were talking about the (safe) Ruby variants.

David Ross <drossruby@yahoo.com> writes:

[snip]

> I am sure this is what lothar was meaning by "But to be honest i think
> the most people using script languages are not very good programmers"

And I agree. Additionally, most people using non-script languages are
shoddy programmers, too.

Well said. +1

//Anders

Hello Daniel,

Hmmm... this sort of reminds me of a post I saw once of someone stating
that if you didn't write your win32 programs in assembly you were going
for the easy option and weren't _really_ a good programmer as you
weren't thinking performance.

I'm very far from considering myself as the prime example of a great
programmer:) , however I'm sure that ruby has taught me a lot,
especially in OO and general design of code. If using C or C++ I simply
go for the "shortest route" possible to get results. In ruby it's not
so. It's so flexible and encouraging that you actually _want_ to think
of various possibilities to solve a problem and find the best fit (short
term and long term).

No this was not exactly my the point.

And remember that this thread was not about ruby as a programming
language. It started with Java and moving to whole language families
(static typed <-> dynamically typed).

Ruby is special here because it still is a freak language. Freak in
this context may be substituted with "nerd", "scientist" or "old wise
man". My statement may become more understandable when you look at
the popular scripting languages out there

- PHP
- Java Script
- Perl
- Visual Basic (for Applications)
- TCL
- Python
- Ruby

in this order. And only compare the professionals doing there work
in (at least one of) these languages. At least from my experience in
the last 10 years i see a correlation between the main languages and
there programming skills. I don't know exactly why but i think David
Ross's argument is one of the main reasons. Many of the buggy PHP and
Javascripts are out there because failures don't have serious
consequences and if a person did not learn (or forgot) to be afraid of
errors he stops thinking about it intensively. In germany we say "er ist
versaut fürs Leben".

I see a huge problem with this in many Java apps where the normal
reaction is to say: "okay lets throw an exception" but the programmer
never tries to handle it somewhere else then in the main loop with a
catch all clause.

It also depends on what your definition of a good programmer is.

A good programmer is someone who is able to analyse a problem and
create a software implementation that meets the goal, keeping all
contraints (security, performance, extensibility) in acceptable ranges
according to the problem domain and customer requirements.
This should happen in a reliable and fast way.

well. I didn't include a bit of information of the
people I was targetting. I am not talking about the
half-job programs which are insecure or imcomplete. I
am talking about professional programmers who have had
years of experience. Most programs that are insecure
are most likely maintained by someone still in
college, or is a programmer with only a few years of
experience.

I assume nothing. I keep forgetting to include the
information I think about and only seem to include the
end conclusion. Professionalists design machine code.
I do not count the everyday application programmer as
a safe programmer.

I will introduce a quote to the public which was
brought to me that will basically shatter people if
all they do is want to write applicatoins as well that
don't have any contribution to the programming or
scientific community as well.

"The world can be a place for achievements where you
can expand, but why would you want to write throw away
code"

What does this mean? I have thought months on this
one. Why is this in the topic? Everytime I think about
programming this goes through my head. I refuse to
become a drone.

I can't exactly share on what this means for personal
reasons. You think for yourself. Though, I will have
to say this about other programmers. If you make a lot
of money programming, or even write code for a big
product , this does not make you a good programmer.

"Well, you can be a professional programmer, or you
can be a rich programmer"

This was another from a different friend. I get the
point, but I think even a good programmer can make
money. Hopefully.

Why am I even going over this?!
These are a couple quotes that I think about once and
a while, and that first one comes to my mind each time
I program. I am sharing. Okeday? Questions or comments
are wanted.

Hmmm... this sort of reminds me of a post I saw once
of someone stating
that if you didn't write your win32 programs in
assembly you were going
for the easy option and weren't _really_ a good
programmer as you
weren't thinking performance.

hehe, well writing programs that are massive in
assembly could take years

I'm very far from considering myself as the prime
example of a great
programmer:) , however I'm sure that ruby has taught
me a lot,
especially in OO and general design of code.

Oh indeed, I am not talking about learning new
techniques in scripting languages, but what you don't
learn from using non-scripting(and considered lower by
others, not me(*C,C++,etc)) languages.

If using C or C++ I simply
go for the "shortest route" possible to get results.

Libraries, libraries, libraries! and documentation

It also depends on what your definition of a good
programmer is. When I
see someone doing all their web development in C
(yes I've seen that), I
don't think "what a great programmer, he can do the
hardcore stuff". I
think, "why on earth is he using the wrong tools".

weeell... It is certainly possible to create web
applications in even assembly. I have only practiced
with using C. I wish that I could expand on
programming safely with CGI using C. I don't think it
would be considered using a wrong tool. There is
available documentation for reading on the link below.
I just wish there was a more complex C library for
use.

http://www.cgisecurity.com/

There's no way I
would hire such a person, they don't have one of the
basic qualities of
being a programmer: laziness.

Don't watch TV?

Of course I have to agree that I'd have serious
doubts about anyone who
had only ever used scripting languages, as it points
to either
disinterest in programming or a beginner.

You just insulted most people out there You
wouldn't imagine how many applications are being made
in.. php..

php irc bots, php mp3 players(they boot an installed
mp3 library), etc.

I also think those people are really full of
themselves.

So do I like Ruby? Yes. I like many things. Ruby is by
far the most dynamic language I have come to interact
with and like the community despite some people who
are blind.

Thanks for your input, much appriciated.

There's only one reply to this:

http://ars.userfriendly.org/cartoons/?id=19990508

And of course, "The Story of Mel".

s.