[Cryptography] how reliably do audits spot backdoors?
James A. Donald
jamesd at echeque.com
Sat Dec 28 05:04:42 EST 2013
On 2013-12-26 17:37, ianG wrote:
> I do it all in Java. Once, when I did a port from Java to various
> languages, it took 5 times longer to get it into C as opposed to various
> OO languages (PHP, Perl).
Transating to C, you have to add your own memory management code, which
is a large part of any C program, hence the much longer C translation times.
Modern C++ has some tools that substantially automate memory management
and type management, but you still have to think about memory
management, while Java does it all for you.
Perl, Java, and PHP are all memory managed languages, so translation
from Java to Perl or PHP is straightforward.
PHP notoriously tends to turn into spaghetti code, people keep copying
and pasting the code, resulting in lots of lots of code pages that are
similar but not identical. You are, of course, not supposed to do this,
but, but, the boss wants this bug fixed, or this feature added,
tomorrow. As a result, productivity in kilolines per hour is alarmingly
high.
Translating Java into Perl is doubtless easy, but translating from Perl
to Java ... Perl is a write only language.
C++ has the wonderfully powerful template system. Unfortunately, the
template system is apt to produce gigantic error messages whose sheer
size makes them difficult for anyone to comprehend. But you can do
things with templating that you cannot do in any other language except
lisp. In this sense, C++ is the highest level language of them all,
except for lisp, as well as being the lowest level language of them all.
More information about the cryptography
mailing list