[Cryptography] encoding formats should not be committee'ized

ianG iang at iang.org
Sat Oct 5 04:41:03 EDT 2013


On 2/10/13 00:16 AM, James A. Donald wrote:
> On 2013-10-02 05:18, Jerry Leichter wrote:
>> To be blunt, you have no idea what you're talking about. I worked at
>> Google until a short time ago; Ben Laurie still does. Both of us have
>> written, submitted, and reviewed substantial amounts of code in the
>> Google code base. Do you really want to continue to argue with us
>> about how the Google Style Guide is actually understood within Google?
>
> The Google style guide, among other things, prohibits multiple direct
> inheritance and operator overloading, except where STL makes you do
> operator overloading.


I do similar.  I prohibit reflection and serialization in Java.  In C I 
used to prohibit malloc().

> Thus it certainly prohibits too-clever code.  The only debatable
> question is whether protobufs, and much of the rest of the old codebase,
> is too-clever code - and it is certainly a lot more clever than operator
> overloading.

protobufs I would see as just like any external dependency -- trouble, 
and not good for security.  Like say an external logger or IPC or crypto 
library.  It would be really nice to eliminate these things but often 
enough one can't.

On the other hand, if you are not so fussed about security, then it is 
probably far better to use protobufs to stop the relearning cycle and 
reduce the incompatibility bugs across a large group of developers.


> Such prohibitions also would prohibit the standard template library,
> except that that is also grandfathered in, and prohibits ATL and WTL.
>
> The style guide is designed for an average and typical programmer who is
> not as smart as the early Google programmers.   If you prohibit anything
> like WTL, you prohibit the best.

Right.  Real world is that an org has to call on the talents of a 
variety of programmers, high-end *and* aspirational, both.  So one tends 
to prohibit things that complicate the code for the bulk, and one tends 
to encourage tools that assist the majority.

I'd probably encourage things like protobufs for Google.  They have a 
lot of programmers, and that tends to drive the equation more than other 
considerations.


> Prohibiting programmers from using multiple inheritance is like the BBC
> prohibiting the word "literally" instead of mandating that it be used
> correctly.  It implies that the BBC does not trust its speakers to
> understand the correct use of literally, and Google does not trust its
> programmers to understand the correct use of multiple direct inheritance.


I often wish I had some form of static multiple inheritance in Java...



iang

